Home page logo
/

basics logo Security Basics mailing list archives

Re: Ftp Login
From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Sat, 02 Nov 2002 02:39:03 +0000

Hi Pablo,
Yes the FTP login transaction process is untaken in plain text - this I think is stated in the RFC, but don't quote me on it. This does raise security problems say for instance when an attacker is sniffing a network it is possible to steal passwords etc. There are programs that support encryption, but this appears to be only during post logon actions. If there are any ftp servers & clients that have encryption ability during the logon procedure then I myself would be very hhappy to hear about them - perhaps someone could help me?

Hamish Stanaway

-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/

New Zealand

Is your box REALLY secure?


yes.

From: "Pablo Gietz" <pablo.gietz () nuevobersa com ar>
To: <security-basics () securityfocus com>
Subject: Ftp Login
Date: Fri, 1 Nov 2002 15:51:36 -0300
MIME-Version: 1.0
Received: from outgoing.securityfocus.com ([205.206.231.27]) by mc3-f10.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Fri, 1 Nov 2002 17:32:59 -0800 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing.securityfocus.com (Postfix) with QMQPid A318CA30B4; Fri, 1 Nov 2002 17:05:17 -0700 (MST)
Received: (qmail 7847 invoked from network); 1 Nov 2002 18:25:20 -0000
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Message-ID: <000901c281d7$b4b2e590$165c6481 () SEG01>
Organization: Nuevo Banco de Entre Ríos S.A.
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Return-Path: pablo.gietz () nuevobersa com ar
X-MDaemon-Deliver-To: security-basics () securityfocus com
Return-Path: security-basics-return-15674-koremeltdown=hotmail.com () securityfocus com X-OriginalArrivalTime: 02 Nov 2002 01:32:59.0864 (UTC) FILETIME=[C73DED80:01C2820F]

Hi  list

DO you know if FTP (standard) login process is maked in clear text?

thanks
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351

Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351

_________________________________________________________________
Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]