Security Basics mailing list archives

Re: Ftp Login

From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Sat, 02 Nov 2002 02:39:03 +0000

Hi Pablo,

Yes the FTP login transaction process is untaken in plain text - this Ithink is stated in the RFC, but don't quote me on it. This does raisesecurity problems say for instance when an attacker is sniffing a network itis possible to steal passwords etc.There are programs that support encryption, but this appears to be onlyduring post logon actions.If there are any ftp servers & clients that have encryption ability duringthe logon procedure then I myself would be very hhappy to hear about them -perhaps someone could help me?


Hamish Stanaway

-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/

New Zealand

Is your box REALLY secure?


yes.

From: "Pablo Gietz" <pablo.gietz () nuevobersa com ar>
To: <security-basics () securityfocus com>
Subject: Ftp Login
Date: Fri, 1 Nov 2002 15:51:36 -0300
MIME-Version: 1.0

Received: from outgoing.securityfocus.com ([205.206.231.27]) bymc3-f10.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Fri, 1 Nov2002 17:32:59 -0800Received: from lists.securityfocus.com (lists.securityfocus.com[205.206.231.19])by outgoing.securityfocus.com (Postfix) with QMQPidA318CA30B4; Fri, 1 Nov 2002 17:05:17 -0700 (MST)

Received: (qmail 7847 invoked from network); 1 Nov 2002 18:25:20 -0000
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Message-ID: <000901c281d7$b4b2e590$165c6481@SEG01>
Organization: Nuevo Banco de Entre Ríos S.A.
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Return-Path: pablo.gietz () nuevobersa com ar
X-MDaemon-Deliver-To: security-basics () securityfocus com

Return-Path:security-basics-return-15674-koremeltdown=hotmail.com () securityfocus comX-OriginalArrivalTime: 02 Nov 2002 01:32:59.0864 (UTC)FILETIME=[C73DED80:01C2820F]


Hi  list

DO you know if FTP (standard) login process is maked in clear text?

thanks
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351

Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351


_________________________________________________________________

Surf the Web without missing calls! Get MSN Broadband.http://resourcecenter.msn.com/access/plans/freeactivation.asp

Current thread:

Ftp Login Pablo Gietz (Nov 01)
- Re: Ftp Login Michael Lee (Nov 04)
- Re: Ftp Login Chris Field (Nov 04)
- Re: Ftp Login landgraf (Nov 04)
- Re: Ftp Login Devdas Bhagat (Nov 04)
- <Possible follow-ups>
- RE: Ftp Login Gene LeDuc (Nov 04)
- Re: Ftp Login KoRe MeLtDoWn (Nov 04)
  - RE: Ftp Login Optrics Engineering - Shaun Sturby, MCSE (Nov 08)