[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] FTP session - sniffing clear text password?

  • Subject: Re: [Openvpn-users] FTP session - sniffing clear text password?
  • From: <nobledark@xxxxxxxxxxxx>
  • Date: Fri, 17 Aug 2007 20:01:37 -0400

Sorry - should have added this info:

OpenVPN in routed configuration, Linux server, XP client.


On Fri, 17 Aug 2007 19:00:26 -0400 nobledark@xxxxxxxxxxxx wrote:
>Hoping that I'm just mis-interpreting what I'm seeing - using 
>OpenVPN in "road warrior" config for a while now secure IM and 
>Just on a whim I fired up Ethereal on my client to look at the 
>traffic that my FTP client generates (FTP tunnels to server on 
>private IP through VPN, doesn't work otherwise). I configured 
>Ethereal to look at the TAP adapter and set the capture filter to 
>"tcp port 21". 
>When I started the session, I was shocked to see both my user name 
>and password in plain text in the capture. I confirmed that I was 
>sniffing traffic on the TAP (nothing showing up on the other 
>interfaces during this session) and I repeated the test numerous 
>times. The VPN appears to be connecting normally and I can access 
>the same resources that I always have been able to.
>Am I looking at the traffic before it is encrypted or do I have a 
>big problem?
>Hoping for the best - thanks....
>Click here to increase your salary by earning an online degree.
>This SF.net email is sponsored by: Splunk Inc.
>Still grepping through log files to find problems?  Stop.
>Now Search log events and configuration files using AJAX and a 
>Download your FREE copy of Splunk now >>  http://get.splunk.com/
>Openvpn-users mailing list

Click for free info on online masters degrees and make up to $150K/ year

Openvpn-users mailing list