From owner-freebsd-security Wed Nov 24 5:54:33 1999 Delivered-To: freebsd-security@freebsd.org Received: from postman.lipetsk.ru (postman.lipetsk.ru [195.34.224.68]) by hub.freebsd.org (Postfix) with ESMTP id 7A226150E5 for ; Wed, 24 Nov 1999 05:54:29 -0800 (PST) (envelope-from skynick@stu.lipetsk.su) Received: from lstu by relay.lipetsk.ru with UUCP id <16990-8897>; Wed, 24 Nov 1999 16:52:55 +0300 Received: from corsair.stu.lipetsk.ru (root@corsair.lstu [192.168.15.51]) by maverick.stu.int (8.9.3/8.8.5) with ESMTP id QAA02104 for Wed, 24 Nov 1999 16:51:19 +0300 (MSK) Received: from skynick (root@loopback [127.0.0.1]) by corsair.stu.lipetsk.ru (8.9.3/8.9.2) with SMTP id QAA23057 for ; Wed, 24 Nov 1999 16:51:13 +0300 (MSK) (envelope-from skynick@stu.lipetsk.su) Message-ID: <007801bf3682$fca3e0f0$131fa8c0@skynick.am.lstu> From: "Nick A. Leuta" To: Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) Date: Wed, 24 Nov 1999 16:51:19 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 22 Nov 1999 00:47:35 -0500, Jonathan Chen said: >1) ftpd/telnetd, by themselves, does not give unwanted guests a window of > entry any more than sshd. >3) People who have no need to use ftpd (or telnetd) does not use > ftpd/telnetd. Thus, cleartext password is never transmitted over these > protocols. Hmm... Ftp/telnet is not only services what usually needed... And ssh not only the way to resolve problems with sniffing danger... The security of standard protocols like telnet/ftp/pop3/smtp/etc can be improved by using SSL/TLS (OpenSSL presents in ports), for example telnets/pop3s/smtps... SSLTelnet (client and daemon) presents in ports, pop3 and smtp (telnet also) can be wrapped through any ssl wrapper (stunnel, bjorb presents in ports too, of course... :-) ). Also there are SSLftp (ftpd and client with ssl support), it does not present in ports, but it possible to patch standard FreeBSD ftpd or port SSLftp to FreeBSD... =================== * Paranoya is a professional illness of system administrators SkyNick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message