[NCLUG] Securing ftpd

J. Paul Reed preed at sigkill.com
Tue Mar 20 13:09:23 MST 2001


On Tue, 20 Mar 2001, dobbster wrote:

> Could someone point me to a good primer at maximizing the security of
> ftpd with or without using ssh?

Unfortunately, all the ftpds have had recent serious security problems...
someone else can probably give recommendations, but staying away from
wu-ftpd is probably a good idea... it's the sendmail of ftpds.

Other than that, it's just an exercise in watching Bugtraq, and upgrading
your ftpd before a cracker does it for you (by wiping your system first).

> On one machine, I can't use ssh because most of the clients are Windows
> (unless there is a way for Windows clients to use ssh; I'm not aware of
> one).

PuTTY. http://www.chiark.greenend.org.uk/~sgtatham/putty/

This doesn't much help with the pushing of files across the network.
Depending on the situation, you could set up an SSH tunnel (if, for
instance, everyone was FTPing from an office network to a remote machine),
but this would only encrypt passwords and commands, not files sent over the
wire.

You could also use scp, which for Unix users, is no big deal; there is an
scp client that can be used available from the PuTTY website above, but I
think it's command-line, and thus your Windows users would have to learn how
to copy files via the command line, which may not work for you.

> Second: My security logs show the same hacker trying to get into two
> different machines on completely different networks.  The only thing
> relating these two machines is a nightly rsync using ssh.  How would the
> hacker know about this?

Are you sure s/he hasn't gotten in? How far are the networks apart,
address-wise?

Script kiddies like to scan entire class Bs... sometimes class As for
security vulnerabilities... I just had some recent experience with this at
Cal Poly (someone rooted a box I monitor via a wu-ftpd 'sploit, and we
caught the person because they were scanning other class Bs for wu-ftpd
holes).

Later,
Paul
  ----------------------------------------------------------------------
  J. Paul Reed                preed at sigkill.com || web.sigkill.com/preed
  AOL, CIA, NSA, whatever! They all have three letters, they all collect
  information, and they all screw the public -- User Friendly, 2/10/2000
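An added example, not part of the original post, illustrating Paul's point that a plain `ssh -L` forward of the FTP control port encrypts only commands and passwords: the server's PASV/EPSV replies (constructed samples here) send the client to a separate data endpoint that the forward never touches, so file contents still cross the wire in the clear. The forward port 2121 and the addresses are assumptions.

```python
import re

# Constructed sample replies, as an FTP server would send them over the
# control connection (the only channel a single `ssh -L 2121:host:21` covers).
PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,19,137)"
EPSV_REPLY = "229 Entering Extended Passive Mode (|||5001|)"

# Assumed local end of the forward: the client talks FTP to 127.0.0.1:2121.
TUNNEL_CONTROL_PEER = "127.0.0.1"
FORWARDED = {("127.0.0.1", 2121)}


def parse_pasv(reply):
    """Return (host, port) from a 227 reply, or None if it is not one."""
    m = re.search(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_epsv(reply):
    """Return the port from a 229 reply; the host is the control peer itself."""
    m = re.search(r"229 .*?\(\|\|\|(\d+)\|\)", reply)
    return int(m.group(1)) if m else None


def data_endpoint(reply, control_peer):
    """Where the client will open the data (file transfer) connection."""
    pasv = parse_pasv(reply)
    if pasv:
        return pasv                      # server-advertised address, not the tunnel
    port = parse_epsv(reply)
    if port is not None:
        return control_peer, port        # same host as control: the tunnel's local end
    raise ValueError("not a passive-mode reply: " + reply)


def goes_through_tunnel(endpoint, forwarded=FORWARDED):
    """True only if the data connection lands on a port SSH actually forwards.

    PASV points at the real server (plaintext over the wire); EPSV points at
    127.0.0.1:<port>, where nothing listens, so the transfer simply fails.
    Either way the file itself never travels inside the SSH session.
    """
    return endpoint in forwarded
```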
