[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: FTP access for users ?
Alex Shnitman <alexsh@hectic.net> wrote:
> Evgeny Stambulchik writes:
>
> > PS. I hope you're aware that enabling non-anonymous ftp access not
> inside a
> > firewalled network is basically equivalent to putting all your users'
> > passwords in the plain text format and sending it to a ... er ...
> mailing
> > list :)
>
> Do you mind elaborating on this issue?
Well, of course, nothing special regarding ftp - same is true for any
service that uses plain text passwords for authentication (telnet, rsh,
POP3, ...). A simple sniffer planted in a PC on the same network would scan
network traffic, filter out login & pass pairs and send them to somebody
(for example). For further info, check a 2600 site or news forum :)
Regards,
Evgeny
--
____________________________________________________________
/ Evgeny Stambulchik <fnevgeny@plasma-gate.weizmann.ac.il> \
/ Plasma Laboratory, Weizmann Institute of Science, Israel \ \
| Phone : (972)8-934-3610 == | == FAX : (972)8-934-3491 | |
| URL : http://plasma-gate.weizmann.ac.il/~fnevgeny/ | |
| Finger for PGP key >=====================================+ |
|______________________________________________________________|