The application never asks for a secure certificate; so one would need to assume that the link is not encrypted and can be seen through a packet sniff. Also the port it uses is just a standard TCP port; maybe the exchange between winbox challenge and response is the only thing encrypted.... Not really sure. Maybe if someone from Mikrotik is lurking they can interject....
Ty Carter From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Sent: Sunday, September 09, 2007 4:25 PM To: WISPA General List Subject: Re: [WISPA] Winbox Yes, but is the link encrypted or can anyone packet-sniff what you're doing? Have there been previous security breeches in winbox? Mac Dearman wrote: You have the option on the Winbox GUI itself to use "secure password" if you put a check in the box. Mac -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Sent: Sunday, September 09, 2007 11:06 AM To: WISPA General List Subject: [WISPA] Winbox Since winbox came up lately, How secure is the winbox protocol (assuming you have a great password)? Is it safe enough to open up to the outside world, or would I be asking to get hacked? Jason ----------------------------------------------------------------------- --------- ** Join us at the WISPA Reception at 6:30 PM on October the 16th 2007 at ISPCON ** ** ISPCON Fall 2007 - October 16-18 - San Jose, CA www.ispcon.com ** ** THE INTERNET INDUSTRY EVENT ** ** FREE Exhibits and Events Pass available until August 31 ** ** Use Customer Code WSEMF7 when you register online at http://www.ispcon.com/register.php ** ----------------------------------------------------------------------- --------- WISPA Wants You! Join today! http://signup.wispa.org/ ----------------------------------------------------------------------- --------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ ------------------------------------------------------------------------ -------- ** Join us at the WISPA Reception at 6:30 PM on October the 16th 2007 at ISPCON ** ** ISPCON Fall 2007 - October 16-18 - San Jose, CA www.ispcon.com ** ** THE INTERNET INDUSTRY EVENT ** ** FREE Exhibits and Events Pass available until August 31 ** ** Use Customer Code WSEMF7 when you register online at http://www.ispcon.com/register.php ** ------------------------------------------------------------------------ -------- WISPA Wants You! Join today! http://signup.wispa.org/ ------------------------------------------------------------------------ -------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- AV & Spam Filtering by M+Guardian - Risk Free Email (TM) --- -------------------------------------------------------------------------------- ** Join us at the WISPA Reception at 6:30 PM on October the 16th 2007 at ISPCON ** ** ISPCON Fall 2007 - October 16-18 - San Jose, CA www.ispcon.com ** ** THE INTERNET INDUSTRY EVENT ** ** FREE Exhibits and Events Pass available until August 31 ** ** Use Customer Code WSEMF7 when you register online at http://www.ispcon.com/register.php ** -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/