On Fri, 15 Sep 2000, Cole Tuininga <[EMAIL PROTECTED]> wrote:
>
> To a limited extent, I have to respectfully disagree.
>
> Bruce Dawson wrote:
> >
> > You can configure your firewall to allow FTP connections through. However this
> > is generally considered a really bad thing to do for several reasons:
> >
> > 1. FTP passes passwords in clear text - anyone on the Mediaone segment can sniff
> > them out.
>
> While the concept here is true (ftp/plaintext passwords/BAD thing), I
> don't believe that MediaOne users can sniff. I put my card at home into
> promisc mode, took a look at a sniffer, and saw nothing but my own
> traffic.

This is a good point. You probably also got broadcast and ARP
requests too, which is reasonable (although annoying if a neighbor has
a broken machine broadcasting this stuff like mad).

HOWEVER if a person were truly devious they have the RF signal on the
_other_ side of the cable modem at their disposal. This IS a shared
medium. So a neighbor with a hacked-up cable modem could sniff your
traffic. This reminds me of something like cable TV descramblers
(though I imagine more complicated).

This could be solved if Mediaone used encryption for the customers'
packets (using, say, public-key crypto). There is a general spec for
cable modems called DOCSIS. It has a Baseline Privacy component. See
http://www.broadcom.com/ed-security.html
for more info. I don't believe Mediaone implements encryption of the customers'
packets. Even if you have a DOCSIS-compliant cable modem, that doesn't mean
encryption is turned on (the provider can disable it in the handshake).

> I would reiterate that the point below about using ssh/scp
> would be a MUCH better idea.

Yes, this is the best way to go.

Karl Runge