> FTP servers and clients should verify that the one who connects is the one > who said he would. This is easily done based on the IP address (although > IPmasq hosts make things a bit weirder). I've often wondered if they > actually did check this, but I've never actually looked. They certainly should not, this would defeat an intentional and very useful feature of ftp - the ability to transfer files between two other machines without going via the client. Unfortunately some do. In any case authentication by ip address would still leave you open to attacks from machines on the local network. -- greg - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
- randomizing tcp port binding.. CyberPsychotic
- Re: randomizing tcp port binding.. Avery Pennarun
- Re: randomizing tcp port binding.. CyberPsychotic
- Re: randomizing tcp port binding.. Glynn Clements
- Re: randomizing tcp port binding.. Werner Koch
- Re: randomizing tcp port binding.. Andi Kleen
- Re: randomizing tcp port binding.. CyberPsychotic
- Re: randomizing tcp port binding.. Avery Pennarun
- Re: randomizing tcp port binding.. CyberPsychotic
- Re: randomizing tcp port binding.. jt
- Re: randomizing tcp port binding.. Greg Stark
- Re: randomizing tcp port binding.. ekuiperba
- Re: randomizing tcp port binding.. maddog
- Re: randomizing tcp port binding.. Greg Stark
- Re: randomizing tcp port binding.. Avery Pennarun
- Re: randomizing tcp port binding.. Daniel M Church
