[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] FTP session - sniffing clear text password?


  • Subject: Re: [Openvpn-users] FTP session - sniffing clear text password?
  • From: <nobledark@xxxxxxxxxxxx>
  • Date: Fri, 17 Aug 2007 22:20:07 -0400

OK, well, after several hours of worrying and poring through old 
archive threads, I finally found an old hub and hooked it into my 
network then ran Ethereal on a separate laptop - the data is 
encrypted. Apparently when sniffing on the local client, I am 
seeing the data before it's encrypted and I can't see the data 
after it's been ciphered (at least I do not know how on XP - 
couldn't see anything over "eth0").

Sorry for the false alarm...

 - Nd

On Fri, 17 Aug 2007 20:01:37 -0400 nobledark@xxxxxxxxxxxx wrote:
>Sorry - should have added this info:
>
>OpenVPN in routed configuration, Linux server, XP client.
>
>
>Thanks...Nd
>
>On Fri, 17 Aug 2007 19:00:26 -0400 nobledark@xxxxxxxxxxxx wrote:
>>Hi,
>>
>>Hoping that I'm just mis-interpreting what I'm seeing - using 
>>OpenVPN in "road warrior" config for a while now secure IM and 
>>FTP. 
>>Just on a whim I fired up Ethereal on my client to look at the 
>>traffic that my FTP client generates (FTP tunnels to server on 
>>private IP through VPN, doesn't work otherwise). I configured 
>>Ethereal to look at the TAP adapter and set the capture filter to 
>
>>"tcp port 21". 
>>
>>When I started the session, I was shocked to see both my user 
>name 
>>
>>and password in plain text in the capture. I confirmed that I was 
>
>>sniffing traffic on the TAP (nothing showing up on the other 
>>interfaces during this session) and I repeated the test numerous 
>>times. The VPN appears to be connecting normally and I can access 
>
>>the same resources that I always have been able to.
>>
>>Am I looking at the traffic before it is encrypted or do I have a 
>
>>big problem?
>>
>>Hoping for the best - thanks....
>>
>>--
>>Click here to increase your salary by earning an online degree.
>>http://tagline.hushmail.com/fc/Ioyw6h4eS5xH3rUiVtlGTw7a5WiKgZQrjSc
>F
>>eunNMEKH5Ro234lYVr/
>>
>>
>>------------------------------------------------------------------
>-
>>------
>>This SF.net email is sponsored by: Splunk Inc.
>>Still grepping through log files to find problems?  Stop.
>>Now Search log events and configuration files using AJAX and a 
>>browser.
>>Download your FREE copy of Splunk now >>  http://get.splunk.com/
>>_______________________________________________
>>Openvpn-users mailing list
>>Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>>https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
>--
>Click for free info on online masters degrees and make up to 
>$150K/ year
>http://tagline.hushmail.com/fc/Ioyw6h4eS9zVB4Ug5f9JyRVUyzBuwpjsar9i
>5zQuibsIr0oggU67d3/
>
>
>-------------------------------------------------------------------
>------
>This SF.net email is sponsored by: Splunk Inc.
>Still grepping through log files to find problems?  Stop.
>Now Search log events and configuration files using AJAX and a 
>browser.
>Download your FREE copy of Splunk now >>  http://get.splunk.com/
>_______________________________________________
>Openvpn-users mailing list
>Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>https://lists.sourceforge.net/lists/listinfo/openvpn-users

--
Click here if you're tired of your job and want to increase your salary.
http://tagline.hushmail.com/fc/Ioyw6h4dBjqA0Z72cZYJaparPfBv67QYGItobGga0mhsgo9TPvxthf/

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users