Re: [cobalt-developers] Admin get access denied in ftp

["Robert G. Fisher" <rfisher@xxxxxxxxxxxxxxx>]

On Fri, Jul 07, 2000 at 04:08:19PM -0400, Kevin D wrote:
> Just so you know, just because you're on the same network as your server
> doesn't mean you're not "on the net" unless your ISP has some good
> firewalling... if not, anyone on the net can sniff out your traffic and see
> all of your telnet session. Besides all that, you also have to trust
> everyone at the ISP (ie joe blow technician who's here today, tomorrow, who
> knows?)...

Umm...Actually, being on the same network should stop anyone from
OUTSIDE that network from being able to sniff his passwords.

You can only sniff traffic from a network segment that you are on.
Since a router will segment that traffic, that would stop anyone
outside the LAN from sniffing his traffic.  However, it doesn't
stop anyone on the LAN from sniffing.

As for people at the ISP, you need to think if you first trust
the people working at that ISP where you're getting your access
and hosting, if you can't trust them -- why are you there?

Also, most ISPs are often setup so that users dial into a NAS
that routes them back into their network, thus keeping the
actual servers on a segment that's apart from a dial in customer.

The potential for sniffing comes in when people are bridged into
the LAN (alot of DSL devices are made as bridges rather than routers),
or using proxy-arp (At least one major NAS vendor has some that work
this way), or if the other person has access to a machine on the 
network.

If you're still concerned, install SSH or OpenSSH to replace 
telnet access and you could change the admserv to run with a 
secure certificate although I doubt you're going to get Cobalt
to help you with any problems that might come up after you
change that part of the interface.

-- 
Robert G. Fisher		     NEOCOM Microspecialists Inc. 
System Administrator/Programmer      (540) 666-9533 x 116