Information from an FTP violation this weekend
marquis at roble.com
Wed Apr 25 21:17:52 UTC 2001
"Jade E. Deane" <jade.deane at HelloNetwork.com> wrote:
> > > We have an ftp site running on 220.127.116.11 that is made writable at
> > > certain periods of time for anonymous users. Some of our customer's
> How pointless is this mail-list?
I think the point was (inadvertently made) that this site
(18.104.22.168, NAC-NETBLK02, nac.net, running NEPTUNE Microsoft
FTP) has a security problem.
It is not standard practice to have listable AND writable directories
on anonymous ftp servers. If customers need to upload files they
should also have individual directories under an unreadable directory
In this case none of the directories under /pub should be listable
except perhaps //custX. Whether or not //custX needs to be
listable depends on the technical skills of the customer.
It is also standard practice to keep detailed logs of all ftp access
and monitor, run IDS, and reports on those periodically. Since
this is not typically practical using Microsoft software it looks
like a straightforward case of 3 strikes you're hacked.
Roble Systems Consulting
More information about the NANOG