Yes, the FTP login transaction process is undertaken in plain text - this I think is stated in the RFC, but don't quote me on it. This does raise security problems; for instance, when an attacker is sniffing a network it is possible to steal passwords etc.
There are programs that support encryption, but this appears to be only during post logon actions.
If there are any ftp servers & clients that have encryption ability during the logon procedure then I myself would be very happy to hear about them - perhaps someone could help me?
Hamish Stanaway
-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/
New Zealand
Is your box REALLY secure?
yes.
From: "Pablo Gietz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Ftp Login
Date: Fri, 1 Nov 2002 15:51:36 -0300
Hi list
Do you know if the FTP (standard) login process is made in clear text?
thanks
Pablo A. C. Gietz
Head of Information Security
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
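
An added example, not part of either message: a small audit over FTP control-channel transcripts that reports every login where the PASS command was readable on the wire. The transcripts are constructed, and the `AUTH TLS` command with its `234` reply comes from the FTP-over-TLS extension (RFC 4217), which the thread itself does not mention.

```python
# Constructed FTP control-channel transcripts: (sender, line). Not real captures.
PLAINTEXT_LOGIN = [
    ("S", "220 ftp.example.test ready"),
    ("C", "USER alice"),
    ("S", "331 Password required"),
    ("C", "PASS constructed-secret"),
    ("S", "230 Login successful"),
]
TLS_BEFORE_LOGIN = [
    ("S", "220 ftp.example.test ready"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
    # From here a capture holds only TLS records; USER/PASS are not readable.
]
TLS_REFUSED = [
    ("S", "220 ftp.example.test ready"),
    ("C", "AUTH TLS"),
    ("S", "502 Command not implemented"),
    ("C", "USER bob"),
    ("S", "331 Password required"),
    ("C", "PASS constructed-secret-2"),
    ("S", "230 Login successful"),
]


def audit_control_channel(lines):
    """Return one finding per PASS command readable on the control channel."""
    findings, user = [], None
    auth_pending = protected = False
    for sender, line in lines:
        if protected:
            break  # channel is encrypted; nothing after this is a readable command
        if sender == "S":
            if auth_pending:  # first reply after AUTH decides whether TLS starts
                protected = line.startswith("234")
                auth_pending = False
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            auth_pending = True
        elif verb == "USER":
            user = arg
        elif verb == "PASS":
            # Record the exposure, never the secret itself.
            findings.append({"user": user, "password_length": len(arg),
                             "issue": "PASS sent in cleartext"})
    return findings
```

The third transcript is the case worth watching for: a client that asks for TLS, is refused, and logs in anyway still exposes the password.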
