mailing list archives
RE: Ftp Login
From: "Optrics Engineering - Shaun Sturby, MCSE" <Shaun () Optrics com>
Date: Mon, 4 Nov 2002 13:27:10 -0700
FYI - WS_FTP Pro and WS_FTP Server (www.ipswitch.ca) with SSL enabled
negotiate SSL _before_ authentication and encrypt all traffic.
From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com]
Sent: Friday, November 01, 2002 7:39 PM
To: pablo.gietz () nuevobersa com ar; security-basics () securityfocus com
Subject: Re: Ftp Login
Yes the FTP login transaction process is untaken in plain text - this I
think is stated in the RFC, but don't quote me on it. This does raise
security problems say for instance when an attacker is sniffing a network it
is possible to steal passwords etc.
There are programs that support encryption, but this appears to be only
during post logon actions.
If there are any ftp servers & clients that have encryption ability during
the logon procedure then I myself would be very hhappy to hear about them -
perhaps someone could help me?
-= KoRe WoRkS =- Internet Security
Is your box REALLY secure?
IMail Server has scanned this e-mail for viruses using Declude Virus from Optrics.com
- Ftp Login Pablo Gietz (Nov 02)
- <Possible follow-ups>
- RE: Ftp Login Gene LeDuc (Nov 04)
- Re: Ftp Login KoRe MeLtDoWn (Nov 04)
- RE: Ftp Login Optrics Engineering - Shaun Sturby, MCSE (Nov 09)