Carl Wilhelm Soderstrom writes:

> > Why doesn't anyone like running rsyncd on a windows box standalone? 
> 
> It's not encrypted. Neither for the transfer, nor for the authentication.
> Don't assume that your local network is safe. :)
> 
> 
> > 2. rsyncd can be set to only allow connections from a single host (i.e. 
> > 192.168.1.1), so if you're not on that network nothing can connect anyway.
> 
> addresses can be spoofed. (Tho you're right, it does present a high hurdle
> to overcome).
> 
> > 3. you can secure even further using an rsyncd.secrets file.
> 
> AFAIK, the authentication is done in plain-text tho; so it's easy for an
> attacker to sniff the username & password off the wire. (switches provide a
> hurdle, but not an insuperable one).

Actually, the rsyncd authentication is a challenge/response type
using an MD4 hash, not plain text.  The module and user name are
plain text.  Sniffing would allow a dictionary-style attack (like
any challenge/response system) which would be successful if the
password was easy to guess.

You are right that the data is not encrypted.

Craig
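
The following is an added example, not part of Craig's message and not rsync's own code. It is a simplified model of the challenge/response exchange described above, showing why the password never crosses the wire but a guessable one can still be checked offline by anyone who saw one exchange. Assumptions: MD5 from hashlib stands in for MD4 (many Python builds no longer provide MD4), the hashed byte layout and encoding are illustrative rather than rsync's exact wire format, and all function names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import secrets


def new_challenge() -> str:
    """Server side: a fresh random challenge for each connection."""
    return base64.b64encode(secrets.token_bytes(16)).decode().rstrip("=")


def response_for(password: str, challenge: str) -> str:
    """Client side: send hash(password + challenge), never the password."""
    # MD5 is a stand-in for MD4 here (assumption, see lead-in).
    digest = hashlib.md5((password + challenge).encode()).digest()
    return base64.b64encode(digest).decode().rstrip("=")


def server_accepts(stored_password: str, challenge: str, response: str) -> bool:
    """Server recomputes the response from its secrets file entry."""
    expected = response_for(stored_password, challenge)
    return hmac.compare_digest(expected, response)


def falls_to_wordlist(challenge: str, response: str, wordlist):
    """Password audit: one observed (challenge, response) pair is enough
    to test guesses offline. Returns the matching guess, or None."""
    for candidate in wordlist:
        if hmac.compare_digest(response_for(candidate, challenge), response):
            return candidate
    return None


if __name__ == "__main__":
    wordlist = ["password", "backup", "rsync", "letmein"]  # constructed sample
    for label, pw in (("weak", "backup"), ("strong", secrets.token_urlsafe(24))):
        challenge = new_challenge()
        observed = response_for(pw, challenge)  # what a sniffer would see
        assert server_accepts(pw, challenge, observed)
        hit = falls_to_wordlist(challenge, observed, wordlist)
        print(f"{label}: recovered from wordlist = {hit!r}")
```

A long random secret in rsyncd.secrets defeats the wordlist check; the transferred data is still unencrypted either way.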


_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
