Vulnerability Development: Re: FTP Passive Connection Hijacking Script

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: FTP Passive Connection Hijacking Script

From: Bluefish <11a () GMX NET>
Date: Sat, 29 Jul 2000 13:36:15 +0200

SRP FTP still suffers from some of the security problems inherent in the FTP
protocol, but it's a considerable improvement.


Additionally you have the sftp which is basicly an ftp-alike command but
which works over the ssh2-protocoll. And last time I checked, ssh2 has
recieved a big level of confidence from crypography and security
communities. (ssh2 is basicly ssh1 with a few security improvements)

So far sftp is rarely used, and only available to unix (requires the
ssh2-deamon). The downside is that ssh2 encrypts everything, so even "not
so secret" information is enciphered, which really is useless to an
anonymous ftp, as an example. If CPU cycles are scarce, SSH2 will probably
steal too much CPU power.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

By Date By Thread

Current thread:

FTP Passive Connection Hijacking Script H D Moore (Jul 24)
- <Possible follow-ups>
- Re: FTP Passive Connection Hijacking Script Tomasz Grabowski (Jul 27)
- Re: FTP Passive Connection Hijacking Script Michael Wojcik (Jul 28)
  - Re: FTP Passive Connection Hijacking Script Bluefish (Jul 30)