[PLUG] security?

Bruce Kingsland brucek at kingkon.com
Fri Mar 29 04:36:42 UTC 2002


Russ Johnson's Log: StarDate 0328.1840:
> At 04:46 PM 3/28/2002 -0800, you wrote:
> >I didn't think ftp was insecure.
> 
> Well, if you consider sending passwords in clear text secure, then it's 
> secure. That's a design flaw of ftp. The protocol does not provide for 
> secure transmission of identifying data.
> 
> >I knew not to open up port 23, as I got my root password hacked a
> >while back.
> 
> Exactly the same exploit works with ftp. Just sniff the packets.

Interesting. In both cases, the attack occurred when there was no
activity on the system. In fact, it happened within 24 hours of
opening up the ports. That might have been true with the telnet
problem several months ago, as I was the one accessing the system. But
in the case of opening up the ftp ports last week - I opened the ports
on Wed eve about 7:30, made a single connection to test it, and then
neither of us did squat for the next several days. He (the owner of
the system) didn't even know it was dead.

{He's got about 15 systems running all sorts of OS's, and trying to
run a business too; Linux is a learning thing for him, that has pretty
low priority - I get to manage its activities until it shows a
profitable potential! And with days like this, it's not a good showing.}

> Russ Johnson
> Stargate Online
> 
> http://www.dimstar.net
> telnet://telnet.dimstar.net
> ICQ: 3739685
> 
> 
> When the only tool you own is a hammer, every problem begins to resemble a 
> nail
>          - Abraham Maslow

-bk
-- 
Bruce Kingsland
Kingsland Konsulting
brucek at kingkon.com
503-936-1655
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
D/2B8DA3D7 g/2884A18E  49C3 BBDE 6BC5 3F39 0C03  3BE4 FBC5 2C8D 2B8D A3D7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
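
Added example, not part of the original thread: a small audit of an FTP control-channel transcript that reports which login commands crossed the wire in clear text, illustrating the design flaw discussed above. It goes slightly beyond the thread by also recognising a TLS upgrade (`AUTH TLS` answered with reply code 234, per RFC 4217); the function name and the transcripts are constructed for illustration.

```python
# Added example: flag credentials sent in clear text on an FTP control channel.
# All transcripts below are constructed samples, not real captures.

CREDENTIAL_VERBS = {"USER", "PASS", "ACCT"}  # RFC 959 login commands

def audit_ftp_control(transcript):
    """transcript: list of (direction, line); direction is "C" (client) or "S" (server).

    Returns one redacted finding per credential command seen before a
    successful TLS upgrade (client AUTH answered by a server 234 reply).
    """
    findings = []
    auth_pending = False
    for direction, line in transcript:
        text = line.rstrip("\r\n")
        if direction == "S":
            if auth_pending and text.startswith("234"):
                break  # upgrade accepted; everything after this is encrypted
            auth_pending = False  # any other reply means no upgrade happened
            continue
        verb, _, arg = text.partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            auth_pending = True
        elif verb in CREDENTIAL_VERBS:
            # Report the exposure without echoing the secret itself.
            findings.append(f"{verb} <{len(arg)} bytes in clear text>")
    return findings

# Plain FTP login: user name and password are readable on the wire.
PLAIN = [("S", "220 ftp ready"), ("C", "USER alice"),
         ("S", "331 Password required"), ("C", "PASS example-password"),
         ("S", "230 Logged in")]

# Client upgrades to TLS before logging in: nothing readable follows.
UPGRADED = [("S", "220 ftp ready"), ("C", "AUTH TLS"),
            ("S", "234 Proceed with negotiation")]

# Server refuses the upgrade and the client logs in anyway.
REFUSED = [("S", "220 ftp ready"), ("C", "AUTH TLS"),
           ("S", "500 AUTH not understood"), ("C", "USER alice"),
           ("S", "331 Password required"), ("C", "PASS example-password")]

if __name__ == "__main__":
    for name, t in (("plain", PLAIN), ("upgraded", UPGRADED), ("refused", REFUSED)):
        print(name, audit_ftp_control(t))
```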