Security Basics mailing list archives

RE: Ftp Login

From: "Optrics Engineering - Shaun Sturby, MCSE" <Shaun () Optrics com>
Date: Mon, 4 Nov 2002 13:27:10 -0700

FYI - WS_FTP Pro and WS_FTP Server (www.ipswitch.ca) with SSL enabled
negotiate SSL _before_ authentication and encrypt all traffic.

Shaun

-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com]
Sent: Friday, November 01, 2002 7:39 PM
To: pablo.gietz () nuevobersa com ar; security-basics () securityfocus com
Subject: Re: Ftp Login

Hi Pablo,
Yes the FTP login transaction process is untaken in plain text - this I
think is stated in the RFC, but don't quote me on it. This does raise
security problems say for instance when an attacker is sniffing a network it
is possible to steal passwords etc.
There are programs that support encryption, but this appears to be only
during post logon actions.
If there are any ftp servers & clients that have encryption ability during
the logon procedure then I myself would be very hhappy to hear about them -
perhaps someone could help me?

Hamish Stanaway

-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/

New Zealand

Is your box REALLY secure?

___________________________________________________________________________________

IMail Server has scanned this e-mail for viruses using Declude Virus from Optrics.com

Current thread:

Ftp Login Pablo Gietz (Nov 01)
- Re: Ftp Login Michael Lee (Nov 04)
- Re: Ftp Login Chris Field (Nov 04)
- Re: Ftp Login landgraf (Nov 04)
- Re: Ftp Login Devdas Bhagat (Nov 04)
- <Possible follow-ups>
- RE: Ftp Login Gene LeDuc (Nov 04)
- Re: Ftp Login KoRe MeLtDoWn (Nov 04)
  - RE: Ftp Login Optrics Engineering - Shaun Sturby, MCSE (Nov 08)