Security Basics mailing list archives
RE: Ftp Login
From: "Optrics Engineering - Shaun Sturby, MCSE" <Shaun () Optrics com>
Date: Mon, 4 Nov 2002 13:27:10 -0700
FYI - WS_FTP Pro and WS_FTP Server (www.ipswitch.ca) with SSL enabled negotiate SSL _before_ authentication and encrypt all traffic. Shaun -----Original Message----- From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com] Sent: Friday, November 01, 2002 7:39 PM To: pablo.gietz () nuevobersa com ar; security-basics () securityfocus com Subject: Re: Ftp Login Hi Pablo, Yes the FTP login transaction process is untaken in plain text - this I think is stated in the RFC, but don't quote me on it. This does raise security problems say for instance when an attacker is sniffing a network it is possible to steal passwords etc. There are programs that support encryption, but this appears to be only during post logon actions. If there are any ftp servers & clients that have encryption ability during the logon procedure then I myself would be very hhappy to hear about them - perhaps someone could help me? Hamish Stanaway -= KoRe WoRkS =- Internet Security Owner/Operator http://www.koreworks.com/ New Zealand Is your box REALLY secure? ___________________________________________________________________________________ IMail Server has scanned this e-mail for viruses using Declude Virus from Optrics.com
Current thread:
- Ftp Login Pablo Gietz (Nov 01)
- Re: Ftp Login Michael Lee (Nov 04)
- Re: Ftp Login Chris Field (Nov 04)
- Re: Ftp Login landgraf (Nov 04)
- Re: Ftp Login Devdas Bhagat (Nov 04)
- <Possible follow-ups>
- RE: Ftp Login Gene LeDuc (Nov 04)
- Re: Ftp Login KoRe MeLtDoWn (Nov 04)
- RE: Ftp Login Optrics Engineering - Shaun Sturby, MCSE (Nov 08)