I wouldn't login to ftp as root (or even try for that matter), and I also know most machines wouldn't let you even if you tried without changing default ftp settings.

One of my colleagues recently tried to connect to one of our production servers over ftp as root. I've tried searching for this but everywhere just says "don't do it", but I'm asking why? And what should I do to make sure nothing has been compromised?

I'm newbie(ish) to security- I think I know what not to do however don't know what to do after a machine is compromise or what tools to run etc.

Thanks in advance,
Dave

The FTP protocol sends everything over non-encrypted channels, including user names and passwords. This means that the passwords can be sniffed from the network with remarkable ease. If you FTP as root, you are sending your root password in plain text over the net. If someone sniffs the password, your entire server is compromised .

Thanks for the quick reply.

How does one sniff the password? Is that something you'd have to do there and then monitoring a switch or something?

There are plenty of ways to sniff for passwords..... one that comes to mind is a IRC botnet...

If the attacker is in the same network only sniffer program (ethreal or similar) is needed. It's very easy to to, so never send plaintext passwords.

Thanks all. I guess this is the time I should start reading a network security book!!