I think what you should keep in mind is that these types of scenarios only tend to balloon with time. These days with sftp and other ways of transferring data securely, it's more of a question of why you would use ftp than why you'd use the secure alternatives. Who's going to try to get your FTP data, and why?
As I said, FTP is as secure as the network is, and no more. A secure office network is a bit different from an airport lounge. Granted the particular network that one is on is also of importance. What about a user's credentials, password, etc.?Īll completely in the clear, with very easy tools available to snarf them.
#Obscurity ftb password
Given a point to listen on, you could train a bright 10 year old to get the password and data in under an hour. If the network can be sniffed (WiFi, rogue ISP, etc), finding the password and data is as trivial as running wireshark. Mitigating the issue by moving the SFTP or similar is an easy and good idea.
So if someone could sniff packets on the client, server or network then you have a security issue. 200 Switching to Binary mode.Ģ27 Entering Passive Mode (192,168,1,2,64,224).ġ50 Opening BINARY mode data connection for pic1.jpg (58677 bytes). Lets take a look at the pcap with strings: 220 (vsFTPd 3.0.2) But how easy is it to get those details?Īs an example I ran tcpdump and connected to an FTP server. Credentials are transfered in clear text, but you know that from the other posts.
0 kommentar(er)
