Date: Wed, 15 Aug 2001 10:38:07 +0300 From: Ruslan Ermilov <ru@FreeBSD.ORG> To: Greg Lehey <grog@FreeBSD.ORG> Cc: Ted Mittelstaedt <tedm@toybox.placo.com>, Ryan Thompson <ryan@sasknow.com>, William Nunn <yorkie123@hotmail.com>, freebsd-questions@FreeBSD.ORG Subject: Re: Remotely Exploitable telnetd bug Message-ID: <20010815103807.D47417@sunbay.com> In-Reply-To: <20010815144453.U49989@wantadilla.lemis.com>; from grog@FreeBSD.ORG on Wed, Aug 15, 2001 at 02:44:53PM %2B0930 References: <20010814171150.S61413@wantadilla.lemis.com> <000201c12547$807d8520$1401a8c0@tedm.placo.com> <20010815144453.U49989@wantadilla.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 15, 2001 at 02:44:53PM +0930, Greg Lehey wrote: [...] > > FTP, POP3 and many other commonly used TCP/IP protocols are > > inherently insecure using this definition. > > Definitely. In fact, POP is quite a problem because I don't know of > any well-known secure alternative. But those are the individual > protocols, not TCP and IP. ssh runs over TCP and IP as well, but it's > secure, at least by this definition. > POP3 (RFC1725) supports the APOP command, which avoids the transmission of clear-text passwords over an insecure environment. Also, various other authentication schemes are supported, see RFC1734 for details. There are security extensions exist for FTP, see RFC2228 for details. lukemftpd (currently in contrib/lukemftpd) is going to support these, AFAIK. Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010815103807.D47417>