Vulnerability Development mailing list archives
Re: FTP Passive Connection Hijacking Script
From: Bluefish <11a () GMX NET>
Date: Sat, 29 Jul 2000 13:36:15 +0200
SRP FTP still suffers from some of the security problems inherent in the FTP protocol, but it's a considerable improvement.
Additionally you have the sftp which is basicly an ftp-alike command but which works over the ssh2-protocoll. And last time I checked, ssh2 has recieved a big level of confidence from crypography and security communities. (ssh2 is basicly ssh1 with a few security improvements) So far sftp is rarely used, and only available to unix (requires the ssh2-deamon). The downside is that ssh2 encrypts everything, so even "not so secret" information is enciphered, which really is useless to an anonymous ftp, as an example. If CPU cycles are scarce, SSH2 will probably steal too much CPU power. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- FTP Passive Connection Hijacking Script H D Moore (Jul 24)
- <Possible follow-ups>
- Re: FTP Passive Connection Hijacking Script Tomasz Grabowski (Jul 27)
- Re: FTP Passive Connection Hijacking Script Michael Wojcik (Jul 28)
- Re: FTP Passive Connection Hijacking Script Bluefish (Jul 30)