Information from an FTP violation this weekend

Roger Marquis marquis at
Wed Apr 25 21:17:52 UTC 2001

"Jade E. Deane" <jade.deane at> wrote:
> > > We have an ftp site running on that is made writable at
> > > certain periods of time for anonymous users.  Some of our customer's
> How pointless is this mail-list?

I think the point was (inadvertently made) that this site
(, NAC-NETBLK02,, running NEPTUNE Microsoft
FTP) has a security problem.

It is not standard practice to have listable AND writable directories
on anonymous ftp servers.  If customers need to upload files they
should also have individual directories under an unreadable directory
tree i.e.,


In this case none of the directories under /pub should be listable
except perhaps //custX.  Whether or not //custX needs to be
listable depends on the technical skills of the customer.

It is also standard practice to keep detailed logs of all ftp access,
to monitor them, to run an IDS, and to report on those logs periodically.
Since this is not typically practical using Microsoft software it looks
like a straightforward case of 3 strikes you're hacked.

Roger Marquis
Roble Systems Consulting
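The directory layout the post recommends (upload directories that are writable but not listable, under a parent that anonymous users cannot read), as an added example that is not part of the original post. It assumes a Unix host whose FTP daemon serves anonymous users as an unprivileged uid so that ordinary directory modes apply; the paths (pub, incoming, custX) and the audit function are illustrative only.

```shell
#!/bin/sh
# Added example, not from the original post. Lays out an anonymous-FTP tree
# where upload directories are writable but NOT listable, and audits a tree
# for the combination the post warns against (world-writable AND readable).
# Assumption: the FTP daemon runs anonymous sessions as an unprivileged uid,
# so Unix directory modes are what controls listing and uploading.

# Print the 10-character permission string for a path, e.g. "drwx-wx-wt".
# ls -ld is used because stat's flags differ between GNU and BSD.
dir_perms() {
    ls -ld "$1" | cut -c1-10
}

# Build the illustrative tree under $1:
#   pub/                 0755  readable and listable, no anonymous writes
#   pub/incoming/        1733  anonymous may create files but cannot list
#                              them; sticky bit stops one uploader from
#                              deleting another uploader's file
#   pub/incoming/custX/  0733  per-customer drop box, also not listable
#                              (make it 0755 only if that customer needs
#                              to list what it has uploaded)
setup_ftp_tree() {
    root="$1"
    mkdir -p "$root/pub/incoming/custX" || return 1
    chmod 0755 "$root/pub" || return 1
    chmod 1733 "$root/pub/incoming" || return 1
    chmod 0733 "$root/pub/incoming/custX" || return 1
}

# Return 0 if no directory under $1 is both world-writable and
# world-readable (-perm -006: both "other" bits set), 1 otherwise.
# Such a directory is a listable drop box, i.e. a warez/relay target.
# Only meaningful for the anonymous uid; root bypasses modes entirely.
audit_ftp_tree() {
    bad=$(find "$1" -type d -perm -006)
    [ -z "$bad" ]
}

# Usage: setup_ftp_tree /srv/ftp && audit_ftp_tree /srv/ftp
```

Run the audit as the same unprivileged uid the daemon uses for anonymous sessions; a daemon that chroots into the tree or applies its own per-directory upload rules still needs the filesystem modes to agree with its configuration, otherwise the audit checks the wrong thing.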
