[30762] in North American Network Operators' Group
Re: ARIN Policy on IP-based Web Hosting
daemon@ATHENA.MIT.EDU (Joe Shaw)
Wed Aug 30 13:20:34 2000
Date: Wed, 30 Aug 2000 12:18:12 -0500 (CDT)
From: Joe Shaw <jshaw@insync.net>
To: sigma@pair.com
Cc: Peter van Dijk <petervd@vuurwerk.nl>, nanog@merit.edu
In-Reply-To: <20000830105233.18163.qmail@smx.pair.com>
Message-ID: <Pine.GSO.4.21.0008301151500.3549-100000@vellocet.insync.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 30 Aug 2000 sigma@pair.com wrote:
> > Theoretically, you could do the same with ftp as with pop3 - use
> > usernames like 'user@domain.com'.
>
> Not for anonymous FTP. The username provided by every FTP client out there
> is "ftp" or "anonymous", nothing more.
>
> FTP is by no means wretched. It's still in widespread use, and with good
> reason.
On the contrary, it is wretched. It sends secrets in clear text. You can
do nifty things like bounce port probes through some FTPD's because of
the data channel (a hold over from the days of NCP, before TCP). FTPD is
easy to configure incorrectly, severely compromising the security of the
system running it (this is more admin error, I know). I'm sure there are
others who can add to the list.
However, with that said, I'd like to state that discussing the merits of
the File Transfer Protocol is only vaguely operational before someone else
does. I'll be more than happy to continue this conversation off-list
though.
__
Joseph W. Shaw - jshaw@insync.net
