"Karl J. Runge" wrote:

> On Fri, 15 Sep 2000, Cole Tuininga <[EMAIL PROTECTED]> wrote:
> >
> > To a limited extent, I have to respectfully disagree.
> >
> > Bruce Dawson wrote:
> > >
> > > You can configure your firewall to allow FTP connections through. However this
> > > is generally considered a really bad thing to do for several reasons:
> > >
> > > 1. FTP passes passwords in clear text - anyone on the Mediaone segment can sniff
> > > them out.
> >
> > While the concept here is true (ftp/plaintext passwords/BAD thing), I
> > don't believe that MediaOne users can sniff.  I put my card at home into
> > promisc mode, took a look at a sniffer, and saw nothing but my own
> > traffic.
>
> This is a good point. You probably also got broadcast and ARP
> requests too, which is reasonable (although annoying if a neighbor has
> a broken machine broadcasting this stuff like mad).
>
> HOWEVER if a person were truly devious they have the RF signal on the
> _other_ side of the cable modem at their disposal. This IS a shared
> medium.  So a neighbor with a hacked-up cable modem could sniff your
> traffic.  This reminds me of something like cable TV descramblers
> (though I imagine more complicated).
>
> This could be solved if Mediaone used encryption for the customers'
> packets (using, say, public-key crypto). There is a general spec for
> cable modems called DOCSIS. It has a Baseline Privacy component. See
>
>         http://www.broadcom.com/ed-security.html
>
> for more info. I don't believe Mediaone implements encryption of the customers'
> packets. Even if you have a DOCSIS compliant Cable Modem, that doesn't mean
> encryption is turned on (the provider can disable it in the handshake).
>
> > I would reiterate that the point below about using ssh/scp
> > would be a MUCH better idea.
>
> Yes, this is the best way to go.
>
> Karl Runge
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************

I like watching the 10.x.x.x routers talk ARP back and forth all day :)
could syn flood one and shut down a whole segment on the mediaone leg......
guess they (mediaone) are not concerned.......

just my thought..

chris

