kracksmith

join:2004-07-14
Fullerton, CA

security experts please explain

OK, let's just say one of my customers is running an IIS 6.0 FTP server (which he is, by the way).
He doesn't want to be running any encryption on the FTP server. I tell him this is dangerous and somebody can sniff out your clear text username and password.

He said he doesn't go into this FTP all the time, just seldom, plus he likes the IE FTP client; it's easy to use and it's available anywhere he goes. He doesn't want to rely on an encrypted FTP client which he needs to carry or download.

He also said if somebody were to sniff out his password, that hacker has to know exactly when he's logging into the FTP server, which he says is impossible.

I told him I read a hacker can monitor his public and leave a sniffer there 24/7. He said how? I couldn't explain this since I'm not a hacker, but from a security standpoint I'd like to know how this is done.

Does somebody just run a certain sniffer monitoring program on a public IP FTP server, as easy as that?
kracksmith

join:2004-07-14
Fullerton, CA

Re: security experts please explain

anybody??

hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.
Hello, and welcome
give it some time...these professionals
are preparing their turkeys!

SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK


1 edit
This thread may be of interest...

»unsecure FTP

At a bare minimum you could use the built-in MS PPTP VPN server/client function with a strong password for the authorized users for simple but safe file access from a remote location.
--
"When all else fails, read the instructions..."

arleybls
Premium
join:2004-05-25


4 edits
said by kracksmith:

does somebody just run a certain sniffer monitoring program on a public IP ftp server, as easy as that?
No, it is not that easy...but it could be as simple as ARP poisoning on the same server's subnet to more sophisticated attacks against one of the hops in which the traffic flows...or...maybe, wiretapping the media

If your boss's concern is performance, you could use IPsec to encrypt only, at least, the FTP's control/command channel (port 21); all data would still be sent in clear through the data channel...
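
The control/command channel (port 21) discussed above is a line-based text protocol, so a capture of it can be reviewed after the fact for logins that travelled in the clear. An audit check over captured sessions, as an added example that is not part of the original thread; the transcripts, user name and password are constructed, and the `C:`/`S:` line prefixes are an assumed export format:

```python
import re

# Constructed samples: client (C:) and server (S:) lines from FTP control
# channel sessions on port 21. User name and password are made up.
PLAIN_SESSION = [
    "S: 220 Microsoft FTP Service",
    "C: USER backupuser",
    "S: 331 Password required for backupuser.",
    "C: PASS Summer2009!",
    "S: 230 User backupuser logged in.",
]
TLS_SESSION = [
    "S: 220 FTP server ready",
    "C: AUTH TLS",
    "S: 234 AUTH command ok. Expecting TLS negotiation.",
    # After 234 the wire carries TLS records, so no further commands are readable.
]

CMD = re.compile(r"^C: (USER|PASS|AUTH)\s*(.*)$", re.IGNORECASE)

def audit_control_channel(lines):
    """Report whether one captured session exposed its login.

    A credential counts as exposed when USER or PASS is readable in the
    capture, i.e. it was sent without a prior accepted AUTH (reply 234).
    """
    findings = {"user": None, "password_exposed": False, "tls_negotiated": False}
    auth_pending = False
    for line in lines:
        if line.startswith("S: "):
            # Only a 234 reply directly answering AUTH means TLS was accepted.
            if auth_pending and line[3:6] == "234":
                findings["tls_negotiated"] = True
            auth_pending = False
            continue
        m = CMD.match(line)
        if not m or findings["tls_negotiated"]:
            continue
        verb, arg = m.group(1).upper(), m.group(2)
        if verb == "AUTH":
            auth_pending = True
        elif verb == "USER":
            findings["user"] = arg
        elif verb == "PASS":
            findings["password_exposed"] = True  # the value is deliberately not kept
    return findings
```

A session where the server rejects `AUTH` and the client falls back to plain `USER`/`PASS` is reported as exposed as well.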

major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA

said by kracksmith:

does somebody just run a certain sniffer monitoring program on a public IP ftp server, as easy as that?
If s/he is that obstinate about it, then I say let your "customer" live and learn. And what are you doing with clientele if you are not able to intelligently explain security issues? I hope they aren't paying you for your dearth of expertise.
--
The Toll

Tuesday, 01-Dec 13:38:05 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.