Information from an FTP violation this weekend

Roger Marquis marquis at roble.com
Wed Apr 25 21:17:52 UTC 2001


"Jade E. Deane" <jade.deane at HelloNetwork.com> wrote:
> > > We have an ftp site running on 209.123.52.40 that is made writable at
> > > certain periods of time for anonymous users.  Some of our customer's
> 
> How pointless is this mail-list?

I think the point was (inadvertently made) that this site
(209.123.52.40, NAC-NETBLK02, nac.net, running NEPTUNE Microsoft
FTP) has a security problem.

It is not standard practice to have listable AND writable directories
on anonymous ftp servers.  If customers need to upload files they
should also have individual directories under an unreadable directory
tree i.e.,

	/upload/a9-ns/custX
	/upload/0igm19/custY
	...

In this case none of the directories under /pub should be listable
except perhaps //custX.  Whether or not //custX needs to be
listable depends on the technical skills of the customer.

It is also standard practice to keep detailed logs of all ftp access,
monitor them, run IDS, and report on them periodically.  Since
this is not typically practical using Microsoft software it looks
like a straightforward case of 3 strikes you're hacked.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
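The layout advice above (no directory that is both listable and writable for anonymous users, and per-customer upload directories hidden under an unlistable parent) can be checked mechanically. The script below is an added example, not code from the post or from NANOG; it assumes a Unix-style FTP server that maps anonymous users to an unprivileged account, so the "other" permission bits are what anonymous users get (r = listable, w = writable, x = traversable). The sample tree it builds in a temporary directory is constructed for the example and uses the directory names from the post.

```python
#!/usr/bin/env python3
"""Audit an anonymous-FTP directory tree for two anti-patterns:
  1. a directory that anonymous users can both list and write to;
  2. a writable directory whose parent is listable, so its (supposedly
     unguessable) name can simply be read from a directory listing.

Assumption (not from the post): anonymous access maps to the 'other'
permission bits, S_IROTH (list), S_IWOTH (write), S_IXOTH (traverse).
"""
import os
import stat
import tempfile


def _anon_access(path):
    """Return (listable, writable) as seen by an anonymous (other) user."""
    mode = os.stat(path).st_mode
    return bool(mode & stat.S_IROTH), bool(mode & stat.S_IWOTH)


def audit_ftp_tree(root):
    """Walk an FTP root and return sorted (relative_dir, issue) tuples."""
    root = os.path.abspath(root)
    findings = []
    for dirpath, _dirnames, _files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        listable, writable = _anon_access(dirpath)
        if listable and writable:
            findings.append((rel, "listable AND writable by anonymous users"))
        if writable and dirpath != root:
            parent_listable, _ = _anon_access(os.path.dirname(dirpath))
            if parent_listable:
                findings.append((rel, "writable directory under a listable "
                                      "parent: its name is discoverable"))
    return sorted(findings)


# Constructed sample layout (mode = permission bits applied with chmod).
# Owner keeps rwx so the audit itself can traverse every directory.
SAMPLE_LAYOUT = {
    "pub": 0o755,                 # listable, read-only: fine
    "pub/incoming": 0o777,        # listable and writable: the problem case
    "pub/drop": 0o733,            # hidden name, but parent /pub lists it
    "upload": 0o711,              # traversable only, not listable
    "upload/a9-ns": 0o711,        # unlistable tree, as the post suggests
    "upload/a9-ns/custX": 0o733,  # writable, not listable, parent hidden
    "upload/0igm19": 0o711,
    "upload/0igm19/custY": 0o777, # customer dir made listable by mistake
}


def build_sample_tree():
    """Create the constructed sample tree in a temp dir; return its path."""
    root = tempfile.mkdtemp(prefix="ftp-audit-")
    for rel, mode in SAMPLE_LAYOUT.items():   # parents come before children
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)                  # chmod is not subject to umask
    return root


def main():
    root = build_sample_tree()
    findings = audit_ftp_tree(root)
    if not findings:
        print("no findings")
    for rel, issue in findings:
        print(f"{rel}: {issue}")


if __name__ == "__main__":
    main()
```

Run against a real FTP root (`audit_ftp_tree("/var/ftp")` or wherever the daemon chroots) it reports only directories; files dropped by customers are not inspected. It does not replace the logging and IDS monitoring the post also calls for, it only catches the layout mistake that makes an anonymous writable area discoverable in the first place.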
