[33249] in North American Network Operators' Group


Re: FTP with authentication to RADIUS

daemon@ATHENA.MIT.EDU (Andrew Brown)
Fri Jan 5 10:30:15 2001

Date: Fri, 5 Jan 2001 10:27:59 -0500
From: Andrew Brown <twofsonet@graffiti.com>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: "'Steven J. Sobol'" <sjsobol@NorthShoreTechnologies.net>,
	joshua stein <jcs@rt.fm>, nanog@nanog.org
Message-ID: <20010105102759.A23453@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9DC8BBAD4FF100408FC7D18D1F0922869BC7@condor.mhsc.com>; from rmeyer@mhsc.com on Fri, Jan 05, 2001 at 12:07:30AM -0800
Errors-To: owner-nanog-outgoing@merit.edu


>1) many versions of FTP make your system vulnerable to root cracks.

...which are problems that need to be fixed.  if you know of any...

>2) There is NO way to run FTP in a SSH tunnel because it uses dynamic port
>assignments.

well...that's not entirely true.  you can tunnel the command channel,
just not the data channel.

>3) FTP logins are plain-text.

sure, which is why you tunnel them via ssh, or use ipsec.
actually...if you use ipsec, you can get the data protected as well.

>For sharing files, with anonymous users, HTTP is much better (see:
>http://files.dnso.net)

for sharing files with anonymous users, i'll always be using anonftp.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
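
Added example, not part of the original message: a small Python sketch of why a static forward of the FTP command channel leaves the data channel outside the tunnel. The data endpoint is negotiated inside the command channel (PORT, 227 and 229 lines). The sample lines, addresses, function names and the port-based coverage rule are assumptions made for illustration.

```python
import re

# Constructed sample command-channel lines (not taken from the original message).
SAMPLE_SESSION = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||50001|)",
    "PORT 198,51,100,7,4,1",
    "230 User logged in.",
]

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(line, control_peer="192.0.2.10"):
    """Return (mode, host, port) negotiated by one command-channel line, or None."""
    verb = line.split(" ", 1)[0].upper()
    if verb in ("227", "PORT"):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        host = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]  # port is sent as two decimal bytes
        return ("passive" if verb == "227" else "active", host, port)
    if verb == "229":
        m = _EPSV.search(line)
        if not m or int(m.group(1)) > 65535:
            return None
        # EPSV carries only a port; the host is the control-connection peer (assumed here).
        return ("passive", control_peer, int(m.group(1)))
    return None


def unprotected_data_channels(lines, forwarded_ports=frozenset({21})):
    """List negotiated data endpoints that a static local forward does not carry."""
    out = []
    for line in lines:
        ep = data_endpoint(line)
        # Active mode: the server dials the client, so a client-side forward never carries it.
        if ep and (ep[0] == "active" or ep[2] not in forwarded_ports):
            out.append(ep)
    return out
```

With only port 21 forwarded, every data endpoint in the sample session falls outside the tunnel, which is the case the reply describes.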

