[NCLUG] Securing ftpd

dobbster dobbster at dobbster.com
Tue Mar 20 13:46:11 MST 2001


> Unfortunately, all the ftpds have had recent serious security problems...
> someone else can probably give recommendations, but staying away from
> wu-ftpd is probably a good idea... it's the sendmail of ftpds.

I know.  Rats. :-(
> Other than that, it's just an exercise in watching Bugtraq, and upgrading
> your ftpd before a cracker does it for you (by wiping your system first).
> 
> > On one machine, I can't use ssh because most of the clients are Windows
> > (unless there is a way for Windows clients to use ssh; I'm not aware of
> > one).
> 
> Putty. http://www.chiark.greenend.org.uk/~sgtatham/putty/
> 
> This doesn't much help with the pushing of files across the network;
> Depending on the situation, you could set up an SSH tunnel (if, for
> instance, everyone was FTPing from an office network to a remote machine),
> but this would only encrypt passwords and commands, not files sent over the
> wire.
> 
> You could also use scp, which for Unix users, is no big deal; there is an
> scp client that can be used available from the putty website above, but I
> think it's commandline, and thus your windows users would have to learn how
> to copy files via the commandline, which may not work for you.

Okay, I'll check all of this out.  I'm tempted to have my users FTP
everything to a more expendable machine.

> Are you sure s/he hasn't gotten in? How far are the networks apart,
> address-wise?

Well, (I mentioned this in another message) both networks start with
216.17., but I wouldn't think this would matter.  Or would it?  Come to
think of it, they all have the range 216.17.*.64-127.  Only that third
byte differs.
> Script kiddies like to scan entire class Bs... sometimes class As for
> security vulnerabilities... I just had some recent experience with this at
> Cal Poly (someone rooted a box I monitor via a wu-ftpd 'sploit, and we
> caught the person because they were scanning other class Bs for wu-ftpd
> holes).

If they scan entire As and Bs, I guess scanning a small portion of a
class C is no big deal.  Maybe I shouldn't worry about it.  I know there
is at least one individual (running Windows) who has been trying
repeatedly to get in for several days, and they seem quite aware of both
machines.  I suppose DNS might offer them a clue.

Mark (dobbster at dobbster.com)
