On Sep 7, 2004, at 7:58 PM, Alex Tweedly wrote:

Yes, they can sniff passwords. Standard FTP (RFC 959) sends passwords in cleartext, so anyone with physical access to the network and suitable packet-capture hardware can easily sniff the password.

See RFC 2577 for various other things that will scare you about using FTP :-)

-- Alex.

I never researched packet capture and those "security auditing" tools... The thing that scares me most is the fact that, in passive mode, the server will start listening on a data port and accept any connection without checking whether the data port client is the same one as on the control port, and it will send the file to that client. File theft is just a matter of being there at the right time... very scary...


andre




--
Andre Alves Garzia  2004  BRAZIL
http://studio.soapdog.org
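
The server-side check whose absence is described above, as an added example that is not part of the original posts: the passive-mode listener hands over a data connection only when its source IP matches the control connection's peer. All function names are hypothetical, and the demo assumes a Linux-style loopback where any 127.0.0.0/8 address can be used as a source.

```python
import socket

def open_passive_listener(bind_ip="127.0.0.1"):
    """Listen on an ephemeral port, as a server does after a PASV command."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_ip, 0))
    srv.listen(5)
    return srv

def accept_from_control_peer(listener, control_peer_ip, timeout=2.0, attempts=5):
    """Return (conn, rejected_ips); conn is None if the control peer never connected."""
    listener.settimeout(timeout)
    rejected = []
    for _ in range(attempts):
        try:
            conn, (peer_ip, _port) = listener.accept()
        except socket.timeout:
            break
        if peer_ip == control_peer_ip:
            return conn, rejected
        conn.close()  # not the control connection's address: drop, keep waiting
        rejected.append(peer_ip)
    return None, rejected

def _connect_from(src_ip, dst):
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    c.bind((src_ip, 0))
    c.settimeout(2.0)
    c.connect(dst)
    return c

def _read_all(sock):
    data = b""
    while (chunk := sock.recv(4096)):
        data += chunk
    return data

def demo():
    # Constructed setup: 127.0.0.1 is the client's control-connection address,
    # 127.0.0.2 stands in for a different host that reaches the data port first.
    listener = open_passive_listener()
    other = _connect_from("127.0.0.2", listener.getsockname())
    client = _connect_from("127.0.0.1", listener.getsockname())
    conn, rejected = accept_from_control_peer(listener, "127.0.0.1")
    conn.sendall(b"file contents")
    conn.close()
    result = (rejected, _read_all(client), _read_all(other))
    for s in (client, other, listener):
        s.close()
    return result
```

Address matching cannot tell apart clients that share one IP (the same host, or several machines behind one NAT), so it narrows the exposure rather than replacing an encrypted transport.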
