Andre- Tuesday, September 7, 2004, 4:48:52 PM, you wrote:
AG> I never researched packet capture and those "security auditing" AG> tools... the thing that scares me most is the fact that when in passive AG> mode, the server will start listening in a data port and accepts any AG> connection without checking if the data port client is the same one in AG> the control port, and it will send the file to that client, file theft AG> is just a matter of being there in the right time... very scary... Yes - I don't use passive mode unless I'm absolutely forced to by a server environment. You might look into the SFTP protocol to see how ftp is handled using SSH as a tunneling mechanism. From my brief glance at it the handshaking doesn't look too bad and all the dirty work is handled by the ssh tunnel. Packet sniffing is just way too easy. -- -Mark Wieder [EMAIL PROTECTED] _______________________________________________ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
