5

if i use ftp or telnet by accident (usually on the bash shell), to what extend is my password visible?

  1. can my coworker see it?

  2. can my neighbor see it if i work at home (if not using wireless)?

  3. can someone working at a data center along the way see it?

  4. can someone working at a company along the way that has T1 or T3 see it?

  5. can someone working at a university data center see it? (if it is on the route)

  6. if i use it on a wireless WEP network at home (only i know the WEP key), it maybe be viewable for anyone who broke the WEP network key by monitoring 1GB of data?

  7. if i use Starbucks, Pete's Cafe, or McDonald's wireless, and usually they are not WEP or WPA encrypted, can the person setting up the network there possibly see it?

vartec
  • 6,217
  • 2
  • 33
  • 49
nonopolarity
  • 535
  • 3
  • 6
  • 17
  • @Moderators/Authors: Please correct the title it should be 'extent' not 'extend'. The question title needs to be rephrased as "if I use ftp or telnet by accident, to what extent is my password unsafe?" – s_ruchit May 28 '09 at 06:32
  • @s_ruchit: done. – vartec May 28 '09 at 08:52

5 Answers5

13

When you say, on the bash shell, I am assuming this shell is running on the computer at the locations you mention. If you have SSH to some other host and ran ftp/telnet then these answers are irrelevant.

can my coworker see it?

Maybe, if your are both connected to a hub, if you are on a switch and he hasn't done anything evil like arp poisoning he can't see it.

can my neighbor see it if i work at home (if not using wireless)?

It depends on what type of ISP you are using, but probably not.

can someone working at a data center along the way see it?

Yes

can someone working at a university data center see it? (if it is on the route)

Yes

if i use it on a wireless WEP network, it maybe be viewable for anyone who broke the WEP network key by monitoring 1GB of data?

Anyone on the network can see it. A wireless network works like a hub. Everyone on the network sees everything.

if i use Starbucks, Pete's Cafe, or McDonald's wireless, and usually they are not WEP or WPA encrypted, can the person setting up the network there possibly see it?

Yes.

can someone working at a company along the way that has T1 or T3 see it?

Anyone who has access to a router connecting any of the links between your computer and the server could see your traffic, the type of the link doesn't matter.

Zoredache
  • 130,897
  • 41
  • 276
  • 420
7

Anyone with the ability to sniff the traffic between you and the site that you have connected to can potentially read your ftp password, or any data that travels unencrypted.

So, realistically, all scenarios above will be possible, with the following notes:

1) Your co-worker would either have to be able to tap into your external network, or be able to convince the local switches to send him your traffic - very possible if they have admin rights to the switch.

2) If you are using cable with your ISP, then yes - your neighbour could sniff your external traffic. If not, then they would need some serious kit to sniff your local network - very unlikely.

3-5) Totally possible.

If you are concerned about people reading your passwords, I would recommend using secure protocols: SSH/SFTP/SCP instead of telnet/FTP.

Mike Pountney
  • 2,493
  • 2
  • 20
  • 15
2

To simplify this, just think of it this way.

A protocol that operates across an insecure channel (TCP/IP), needs to implement it's own layer of security.

Now, if there exists someone that can listen in on the conversation, anywhere between the two end-points (server/client), then they can see your communication if they so desire.

You can't stop them seeing it, but you can make it difficult for them to make any sense of it - and the only way to do that is by encrypting it - and that's why telnet, ftp should be replaced with ssh, sftp, etc.

You can enforce this by simply not having any telnet servers - if that's an option for you.

Note: You also don't get much added security by using a switch, despite what some people think, because IP-spoofing, ARP-poisoning etc are not difficult tasks.

khosrow
  • 4,163
  • 3
  • 27
  • 33
2

can my coworker see it?

Not on switched Ethernet, unless he tampered with cabling or he has sniffer on the router. In case of hubs (unswitched network) it's possible. But that would have to be really old network.

can my neighbor see it if i work at home (if not using wireless)?

Not, unless he's using very expensive eavesdropping equipment. Beyond reach of normal folk. On the other hand government agencies are capable of seeing it from the orbit.

Of course that assuming that you have xDSL/cable modem at home. If it's neighborhood-wide LAN, then it's the same case, as with coworker.

can someone working at a data center along the way see it?

can someone working at a company along the way that has T1 or T3 see it?

can someone working at a university data center see it? (if it is on the route)

Of course. All of them can. It's their job to monitor traffic.

if i use it on a wireless WEP network at home (only i know the WEP key), it maybe be viewable for anyone who broke the WEP network key by monitoring 1GB of data?

Yes.

if i use Starbucks, Pete's Cafe, or McDonald's wireless, and usually they are not WEP or WPA encrypted, can the person setting up the network there possibly see it?

Doesn't mater if they encrypted or nor, even if they were, other ppl in same Starbucks have same encryption key.

Community
  • 1
vartec
  • 6,217
  • 2
  • 33
  • 49
1

Followup to Zoredache's excellent answer:

Can someone working at a company along the way that has T1 or T3 see it?

The person's connection speed has little to anything to do with whether they can see the packet with your password. If they are on the route they can view it. The only time speed may come into question is if they are receiving too many packets for the packet recording software to keep up.

Chealion
  • 5,733
  • 28
  • 29