Vulnerability Development mailing list archives

Re: FTP Passive Connection Hijacking Script

From: Bluefish <11a () GMX NET>
Date: Sat, 29 Jul 2000 13:36:15 +0200

SRP FTP still suffers from some of the security problems inherent in the FTP
protocol, but it's a considerable improvement.


Additionally you have the sftp which is basicly an ftp-alike command but
which works over the ssh2-protocoll. And last time I checked, ssh2 has
recieved a big level of confidence from crypography and security
communities. (ssh2 is basicly ssh1 with a few security improvements)

So far sftp is rarely used, and only available to unix (requires the
ssh2-deamon). The downside is that ssh2 encrypts everything, so even "not
so secret" information is enciphered, which really is useless to an
anonymous ftp, as an example. If CPU cycles are scarce, SSH2 will probably
steal too much CPU power.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

Current thread:

FTP Passive Connection Hijacking Script H D Moore (Jul 24)
- <Possible follow-ups>
- Re: FTP Passive Connection Hijacking Script Tomasz Grabowski (Jul 27)
- Re: FTP Passive Connection Hijacking Script Michael Wojcik (Jul 28)
  - Re: FTP Passive Connection Hijacking Script Bluefish (Jul 30)