Telnet Queation - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Telnet Queation

  1. #11
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    Yeah... authentication is pretty easily sniffed off the network if you're doing FTP (using programs like Cain and Able for Windows pretty much takes the work out of sniffing for you).

    But if you're on a direct connection to your cable modem, which is in turn connecting to a remote machine which is directly connected, the odds of someone "in-between" sniffing your info is pretty low...


    Tracing my route from here to Google looks like this:
    Tracing route to google.com [216.239.39.99]
    over a maximum of 30 hops:
    1 <1 ms <1 ms <1 ms xxxxx
    2 24 ms 31 ms 9 ms xxxxx
    3 11 ms 14 ms 11 ms xxxxx
    4 29 ms 30 ms 32 ms xxxxx
    5 47 ms 43 ms 70 ms gar1-p360.sc1ca.ip.att.net [12.122.2.242]
    6 54 ms 48 ms 46 ms tbr1-p012102.sffca.ip.att.net [12.122.2.246]
    7 56 ms 43 ms 50 ms ggr2-p300.sffca.ip.att.net [12.123.13.190]
    8 45 ms 45 ms 44 ms so-8-1.car3.SanJose1.Level3.net [209.0.227.29]
    9 47 ms 53 ms 47 ms ae-1-51.bbr1.SanJose1.Level3.net [4.68.123.1]
    10 113 ms 103 ms 108 ms ae-0-0.bbr1.Washington1.Level3.net [64.159.0.229]
    11 108 ms 101 ms 105 ms ge-1-1-51.car1.Washington1.Level3.net [4.68.121.5]
    12 103 ms 102 ms 107 ms 4.79.228.26
    13 104 ms 103 ms 103 ms 64.233.174.126
    14 107 ms 108 ms 106 ms 216.239.48.90
    15 109 ms 104 ms 106 ms 216.239.47.58
    16 108 ms 109 ms 102 ms 216.239.39.99
    Trace complete.
    As you can see, most all of those are ISP hubs... and they're not too concerned with my FTP info. FTP is just kind of the defacto standard for file transfer...
    I\'m back.

  2. #12
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    If you agree it's annoying, then I really hope it stops..
    I can see you are in no mood to take a joke, but okay..

    You're talking about a plain-text protocol that could be easily sniffed....
    Care to share one that CAN'T easily be sniffed? C'mon, that's bull.

    How is this as "secure/insecure as the user lets it be".
    Easily. While running an ftpd, make sure you have set passwords that are strong, limit accounts (none except yours?), have a secure connection to your ftpd that masks your IP and/or moniter ANY traffic towards the server.

    This of course is as opposed to someone who doesnt give a **** about their connection, their server, etc. Thus, "secure/insecure as user lets it be".

    If you need further explanation, let me know.. I don't understand the difficult concept. Sure, in the case of Telnet, it's BETTER (safer, etc) to use SSH. In the case of FTP however, why not keep it simple for a home user who is merely trying to transfer files.

    EDIT:
    the odds of someone "in-between" sniffing your info is pretty low...
    I'm sorry, I disagree.. maybe the odd's might be lowered somewhat, but it can still be easily done IMO.
    Space For Rent.. =]

  3. #13
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Spyder32
    I can see you are in no mood to take a joke, but okay..
    It has nothing to do with a joke.. I've recieved quite a bit of support from people that agree with the cosign.. Since you've returned you've contributed almost nothing of value and put that damn co-sign on everything.. It's just pissing us off.


    Care to share one that CAN'T easily be sniffed? C'mon, that's bull.
    Sniff my SSH data and tell me what the contents say..



    Easily. While running an ftpd, make sure you have set passwords that are strong, limit accounts (none except yours?), have a secure connection to your ftpd that masks your IP and/or moniter ANY traffic towards the server.
    Having a strong password doesn't limit people that sniff the password and login using it... it's an insecure protocol... You aren't make the protocol more secure... you're making it's usage more secure

    If you need further explanation, let me know.. I don't understand the difficult concept. Sure, in the case of Telnet, it's BETTER (safer, etc) to use SSH. In the case of FTP however, why not keep it simple for a home user who is merely trying to transfer files.
    I'm not sure how you can say this and not understand it... You agree with the use of SSH but not the use of SFTP? They use the same daemon... It shouldn't be about keeping it simple... that's how Microsoft became so big and how there were so many flaws in their operating system.. Things that should have been closed by default but were left open to make usage easier to the user... some of the features of IE and Outlook are prime examples.

    Plain and simple.. this is a security site... you recommended an insecure solution.. admit that you have no clue what you're talking about and quit wasting our time with your useless posts... Nobody cares about you increasing your post count and your attempts at looking intelligent.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #14
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Spyder spyder spyder... FTP sends its passwords and data in clear text. It doesn't matter how strong your passwords are or how much you limit your accounts ; if your data gets sniffed, you're done (because it's sent in clear text).
    "Having a secure connection to your ftpd" implies something else than just FTP (Secure FTP, sftp - whatever the difference is - I'm sure we could have another nice thread discussing that ). In the case of Telnet, it's better to use SSH, but in the case of FTP it's not? Tsk tsk...

  5. #15
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    It has nothing to do with a joke.. I've recieved quite a bit of support from people that agree with the cosign.. Since you've returned you've contributed almost nothing of value and put that damn co-sign on everything.. It's just pissing us off.
    Well I'm glad it was a group effort? One that was never brought to my attention until you pointed it out. If something bothers you, why not say it? Why wait?

    it's an insecure protocol... You aren't make the protocol more secure... you're making it's usage more secure
    Insecure, yes.. I agree. I guess I used wrong wording by saying making the protocol more secure and not it's useage.. oh I'm sorry, I didn't. I said the server..

    I agree with why SSH and not SFTP, I didn't realize that point. However if the user is merely transfering files, then.. see where I'm getting at?

    you recommended an insecure solution.. admit that you have no clue what you're talking about and quit wasting our time with your useless posts... Nobody cares about you increasing your post count and your attempts at looking intelligent.
    Yes, quite possibly I did -- for something as miniscule as transfering files. Yes HT, I have NO clue what I'm talking about. My useless posts? Oh, so those who frequent GCC/Cosmos are useless themselves as well? My post count, huh. Yeah, you're whining about my post count and **** when I can name people who have been here same amount of time with MUCH more posts or the same. Honestly.. I could give two ****s my post count.

    Oh, and as for looking intelligent. Yeah, that was my goal. You got me. It wasn't the fact that I attempted to help someone with a small task.

    Negative: I see your point, that made sense..

    In the case of Telnet, it's better to use SSH, but in the case of FTP it's not?
    Good way to explain it, I see the point trying to be made.
    Space For Rent.. =]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides