[PLUG] security?
Bill Spears
bspears at easystreet.com
Sat Mar 30 07:18:34 UTC 2002
Russ Johnson wrote:
> On Fri, 2002-03-29 at 15:35, Bill Spears wrote:
>
>>Russ, so the way this works is someone along the net-route of the
>>packets reads your id and password? How could that happen between me
>>and my ISP for example, or if I were being hosted at www.cheaphost.com,
>>and I needed to upload my .html files by ftp?
>>
>
> Packets get routed all over the world. With automated logins, it's
> entirely possible for both username and password to be in the same
> packet.
>
> It's harder if you have a modem connection between you and you ISP, but
> even that's not foolproof, as many ISPs have modem pools in the CO that
> simply dump into the ether. Then it's routed along with everything else.
>
> It's not unusual for packets from my place of employment to be routed
> from downtown Portland, to Seattle, through the Bay Area, and finally
> make it back through Portland to Aloha. With it going through the NOC in
That's interesting. What's the NOC and why are they looking at packets?
I'm a little surprised that ftp (non-anonymous) is still being used.
> the Bay Area, there's A LOT of peering going on there, and one sniffer
> can capture a lot of data quickly.
>
> The point is that it's a possible point of exploitation. I can use a
> clothespin on my gate to hold it shut, but it doesn't take much to break
> that security. SCP and SFTP are useful, and available.
So, in general, are you saying that I can probably use sftp to upload to
a website instead of ftp? I guess the reason that most of the common
tools are ftp based, gFtp etc, is that what most of us have on our
personal websites isn't worth protecting(:-).
More information about the PLUG
mailing list