[Gllug] SFTP Server
Mike Brodbelt
mike at coruscant.demon.co.uk
Wed Apr 9 22:24:17 UTC 2003
On Wed, 2003-04-09 at 15:11, David Damerell wrote:
> On Wednesday, 9 Apr 2003, Doug Winter wrote:
> >Personally I'd say that this doesn't increase security by much in the
> >real world. Yes, someone could be sniffing your network, but in reality
> >they aren't. Although it's a plausible risk, it's not a high one.
>
> In reality they are. When I was in academentia, at least half the
> machines the university had cracked had sniffers installed on
> them. Our single biggest incident in the Department I worked in was a
> direct result of efficient use of password sniffers.
Yes indeed - it's very common for a cracked machine to promptly have a
sniffer installed on it. If you used rlogin/rsh/rexec, as many academic
sites do, you'd very rapidly get the entire network compromised, and as
people tend to use the same passwords on multiple machines, this led to
external machines also being compromised. Simply replacing rlogin with
ssh stops this kind of thing very effectively.
Mike.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list