Home page logo

basics logo Security Basics mailing list archives

RE: Ftp Login
From: "Optrics Engineering - Shaun Sturby, MCSE" <Shaun () Optrics com>
Date: Mon, 4 Nov 2002 13:27:10 -0700

FYI - WS_FTP Pro and WS_FTP Server (www.ipswitch.ca) with SSL enabled
negotiate SSL _before_ authentication and encrypt all traffic.


-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com]
Sent: Friday, November 01, 2002 7:39 PM
To: pablo.gietz () nuevobersa com ar; security-basics () securityfocus com
Subject: Re: Ftp Login

Hi Pablo,
Yes the FTP login transaction process is untaken in plain text - this I
think is stated in the RFC, but don't quote me on it. This does raise
security problems say for instance when an attacker is sniffing a network it
is possible to steal passwords etc.
There are programs that support encryption, but this appears to be only
during post logon actions.
If there are any ftp servers & clients that have encryption ability during
the logon procedure then I myself would be very hhappy to hear about them -
perhaps someone could help me?

Hamish Stanaway

-= KoRe WoRkS =- Internet Security

New Zealand

Is your box REALLY secure?


IMail Server has scanned this e-mail for viruses using Declude Virus from Optrics.com  

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]