[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: FTP access for users ?



Alex Shnitman <alexsh@hectic.net> wrote:
>  Evgeny Stambulchik writes:
>  
>   > PS. I hope you're aware that enabling non-anonymous ftp access not
>  inside a
>   > firewalled network is basically equivalent to putting all your users'
>   > passwords in the plain text format and sending it to a ... er ...
>  mailing
>   > list :)
>  
>  Do you mind elaborating on this issue?

Well, of course, nothing special regarding ftp - same is true for any
service that uses plain text passwords for authentication (telnet, rsh,
POP3, ...). A simple sniffer planted in a PC on the same network would scan
network traffic, filter out login & pass pairs and send them to somebody
(for example). For further info, check a 2600 site or news forum :)

Regards,

Evgeny


--
   ____________________________________________________________
  / Evgeny Stambulchik  <fnevgeny@plasma-gate.weizmann.ac.il>  \
 /  Plasma Laboratory, Weizmann Institute of Science, Israel \  \
 |  Phone : (972)8-934-3610  == | == FAX   : (972)8-934-3491 |  |
 |  URL   :    http://plasma-gate.weizmann.ac.il/~fnevgeny/  |  |
 |  Finger for PGP key >=====================================+  | 
 |______________________________________________________________|