Security, FTP and MITM attacks

- Wed, 11 Oct 2017 16:15:57 EST fDdwArgq No.37213
I'm not going to perform any attacks whatsoever, I'm more interested in securing my server and learning more about possible attack scenarios. So pardon my stupid questions.

I'm not going to explain every detail why my current system uses technology x or protocol y, because I'm writing this on my phone and I don't want to write too much with this, so please, let's just assume!

My server acts as an FTP server. FTP credentials are transferred in plaintext, what are the possible ways to steal my precious FTP login credentials? I would assume that a MITM attack would be one of them? Does the attacker need access to my server's router or to the router I'm logging in from? If I disable WiFi, what kind of attack vectors still exist?

Please do explain! Thanks in advance!
>>
Alice Wullerbury - Wed, 11 Oct 2017 17:11:28 EST 4Jf4geC2 No.37214 Reply
If you're connecting to the server over 3G wireless, then that's a lot more easily sniffable than 4G wireless is, and someone might be able to pull the plaintext FTP packets from that.

Otherwise, your workplace could sniff the packets (if you're connecting from work). Your work's or home's ISP could sniff the packets, and your server's ISP could sniff the packets as they come into the server itself.
>>
Rebecca Fuckingham - Wed, 11 Oct 2017 17:54:26 EST BBXKtFPn No.37215 Reply
>If I disable WiFi, what kind of attack vectors still exist?

That depends. When was your Windows 98 box last patched?
>>
Caroline Blackgold - Thu, 12 Oct 2017 00:36:17 EST 4Jf4geC2 No.37217 Reply
There's also the gamut of typical attack vectors that might affect any computer system, such as somebody remotely compromising your router or hacking your operating system, or you accidentally getting some malware onto the same machine that you're using for FTP hosting.
>>
Albert Saddlelock - Thu, 12 Oct 2017 16:07:56 EST fDdwArgq No.37218 Reply
>>37214
Interesting, didn't know about that at all...
>>
Cedric Brookridge - Sat, 11 Nov 2017 22:19:13 EST XBm2HhG+ No.37232 Reply
>>37213
>FTP credentials are transferred in plaintext, what are the possible ways to steal my precious FTP login credentials?

  1. As you mentioned, an MITM attack
  2. Any attack that can actively listen in on your connection (including a spliced cable)
  3. Direct password attack (brute force or dictionary)
  4. Hacking other weak points on your server (like VNC, RDP, SSH and so forth)

>Does the attacker need access to my server's router or to the router I'm logging in from?

Not necessarily, as long as the proper ports are opened or forwarded. As long as a given TCP/UDP port is opened to the net, it can be exploited.

> If I disable WiFi, what kind of attack vectors still exist?
All of them, except those that apply specifically for wifi...
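
A server-side check for the plaintext-credential and password-guessing points raised in this thread, added here as an example that is not part of any post. It audits a captured FTP control channel and reports whether a PASS command was readable on the wire, whether the session upgraded with AUTH TLS (RFC 4217, a step beyond what the thread mentions), and how many logins failed. The captures are constructed, and the `C:`/`S:` direction prefixes are an assumed capture format.

```python
# Added example: constructed captures; "C:"/"S:" prefixes are an assumed format.
PLAIN = ["S: 220 FTP ready", "C: USER alice", "S: 331 Password required",
         "C: PASS example-password", "S: 230 Logged in"]
UPGRADED = ["S: 220 FTP ready", "C: AUTH TLS", "S: 234 Proceed with negotiation"]
# After a 234 reply the channel is encrypted, so nothing further is readable.
GUESSING = ["S: 220 FTP ready"] + [
    line for _ in range(4)
    for line in ("C: USER admin", "S: 331 Password required",
                 "C: PASS constructed-guess", "S: 530 Login incorrect")]


def audit_session(lines):
    """Summarise what an on-path observer could read from one control channel."""
    result = {"tls_upgraded": False, "user": None,
              "password_visible": False, "failed_logins": 0}
    last_cmd = None
    for line in lines:
        direction, _, payload = line.partition(": ")
        payload = payload.strip()
        if direction == "C":
            verb, _, arg = payload.partition(" ")
            last_cmd = verb.upper()
            if last_cmd == "USER":
                result["user"] = arg
            elif last_cmd == "PASS":
                result["password_visible"] = True  # value is never stored
        elif direction == "S":
            code = payload[:3]
            if code == "234" and last_cmd == "AUTH":
                result["tls_upgraded"] = True
            elif code == "530" and last_cmd == "PASS":
                result["failed_logins"] += 1
    return result


def findings(result, max_failures=3):
    """Turn the audit result into findings a server operator can act on."""
    out = []
    if result["password_visible"]:
        out.append(f"cleartext PASS for user {result['user']!r}: "
                   "require AUTH TLS before login or move to SFTP")
    if result["failed_logins"] > max_failures:
        out.append(f"{result['failed_logins']} failed logins in one session: "
                   "rate-limit or lock out the source")
    return out


if __name__ == "__main__":
    for name, capture in (("plain", PLAIN), ("upgraded", UPGRADED),
                          ("guessing", GUESSING)):
        print(name, findings(audit_session(capture)))
```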
