Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » security experts please explain
Search Topic:
Uniqs:
438		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
At&t Yahoo Online Protection.... is it good? »
« WGA, again?  
AuthorAll Replies


major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA
clubs:

reply to kracksmith
Re: security experts please explain

said by kracksmith See Profile :

does somebody just run a certain sniffer monitoring program on a public IP ftp server, as easy as that?
If s/he is that obstinate about it, then I say let your "customer" live and learn. And what are you doing with clientele if you are not able to intelligently explain security issues. I hope they aren't paying you for your dearth of expertise.
--
The Toll

to forum · permalink · · 2006-11-23 11:56:35 · Reply to this


arleybls
Premium
join:2004-05-25

4 edits		reply to kracksmith
said by kracksmith See Profile :

does somebody just run a certain sniffer monitoring program on a public IP ftp server, as easy as that?
No it is not that easy...but it could be as simple as arp poisoning on the same server's subnet to more sophisticated attacks against one of the hops in which the traffic flows...or...maybe, wire tapping the media

If your boss concern is performance, you could use IPsec to encrypt only, at least, the FTP's control/command channel (port 21), all data would still be sent in clear trough the data channel...
to forum · permalink · · 2006-11-23 10:28:13 · Reply to this


SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK

1 edit		 reply to kracksmith
This thread may be of interest...

»unsecure FTP

At a bare minimum you could use the built-in MS PPTP VPN server/client function with a strong password for the authorized users for simple but safe file access from a remote location.
--
"When all else fails, read the instructions..."
to forum · permalink · · 2006-11-23 10:07:58 · Reply to this


hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.		reply to kracksmith
Hello, and welcome
give it some time...these professionals
are preparing their turkeys!
to forum · permalink · · 2006-11-23 08:58:03 · Reply to this

kracksmith

join:2004-07-14
Fullerton, CA		reply to kracksmith
anybody??
to forum · permalink · · 2006-11-23 08:23:57 · Reply to this

kracksmith

join:2004-07-14
Fullerton, CA

 Ok let's just saying one of my customer is running a IIS 6.0 FTP server (which he is by the way).
He doesn't want to be running any encryptions on the FTP server. I tell him this is dangerous and somebody can sniff out your clear text username and password.

he said he doesn't go into this FTP all the time but just seldomly plus he likes the IE FTP client, it's easy to use and it's available anywhere he goes. he doesn't want to rely on a encrypted ftp client which he needs to carry or download.

he also said if somebody where to sniff out his password that hacker has to know exactly when he's logging into the FTP server which he says is impossible.

i told him i read hacker can monitor his public and leave a sniffer there 24/7. he said how? i couldn't explain this since i'm not a hacker but from a security stand point i like to know how this is done?

does somebody just run a certain sniffer monitoring program on a public IP ftp server, as easy as that?
to forum · permalink · · 2006-11-22 16:13:59 · Reply to this
Forums » Up and Running » Security » SecurityAt&t Yahoo Online Protection.... is it good? »
« WGA, again?  

Thursday, 10-Dec 13:09:35 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [200] Sprint Sued For Distracted Driving Death
· [131] AT&T Launching New 24 Mbps U-Verse Tier
· [82] 3G Network Test Says AT&T Is Tops
· [75] AT&T Hints At Usage-Based iPhone Data Pricing
· [72] Mediacom Unveils 105 Mbps Pricing
· [67] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [66] Sprint Poised For A Turnaround?
· [51] The Future Of Wi-Fi Is Bright
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [45] Microwaving Your Innards Is Not 'Extreme'
Most people now reading
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· New Mediacom Email [Mediacom]
· [WIN7] Well, I was dumb, but do I have recourse? [Microsoft Help]
· Will Gearscore die now? [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· So what's your impressions of Lich King so far.... [World of Warcraft]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· ICC10 [World of Warcraft]
· Icecrown 5-man strats [World of Warcraft]