[NCLUG] Securing ftpd
dobbster
dobbster at dobbster.com
Tue Mar 20 13:46:11 MST 2001
> Unfortunately, all the ftpds have had recent serious security problems...
> someone else can probably give recommendations, but staying away from
> wu-ftpd is probably a good idea... it's the sendmail of ftpds.
I know. Rats. :-(
> Other than that, it's just an exercise in watching Bugtraq, and upgrading
> your ftpd before a cracker does it for you (by wiping your system first).
>
> > On one machine, I can't use ssh because most of the clients are Windows
> > (unless there is a way for Windows clients to use ssh; I'm not aware of
> > one).
>
> Putty. http://www.chiark.greenend.org.uk/~sgtatham/putty/
>
> This doesn't much help with the pushing of files across the network;
> Depending on the situation, you could set up an SSH tunnel (if, for
> instance, everyone was FTPing from an office network to a remote machine),
> but this would only encrypt passwords and commands, not files sent over the
> wire.
>
> You could also use scp, which for Unix users, is no big deal; there is an
> scp client that can be used available from the putty website above, but I
> think it's commandline, and thus your windows users would have to learn how
> to copy files via the commandline, which may not work for you.
Okay, I'll check all of this out. I'm tempted to have my users FTP
everything to a more expendable machine.
> Are you sure s/he hasn't gotten in? How far are the networks apart,
> address-wise?
Well, (I mentioned this in another message) both networks start with
216.17., but I wouldn't think this would matter. Or would it? Come to
think of it, they all have the range 216.17.*.64-127. Only that third
byte differs.
> Script kiddies like to scan entire class Bs... sometimes class As for
> security vulnerabilities... I just had some recent experience with this at
> Cal Poly (someone rooted a box I monitor via a wu-ftpd 'sploit, and we
> caught the person because they were scanning other class Bs for wu-ftpd
> holes).
If they scan entire As and Bs, I guess scanning a small portion of a
class C is no big deal. Maybe I shouldn't worry about it. I know there
is at least one individual (running Windows) who has been trying
repeatedly to get in for several days, and they seem quite aware of both
machines. I suppose DNS might offer them a clue.
Mark (dobbster at dobbster.com)
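As an added illustration of the point above that an SSH port forward carries only the FTP control connection, not the files (this is example code added here, not part of the original thread): the script parses the data-channel endpoints that FTP announces on the control channel (the server's 227 reply and the client's PORT command) and checks whether each one would actually pass through the local forward. The session transcript, host names and addresses are constructed for the example.

```python
import re
from typing import NamedTuple

# Both FTP data-channel announcements (RFC 959) carry h1,h2,h3,h4,p1,p2:
# the server's "227 Entering Passive Mode (...)" reply and the client's
# "PORT ..." command; the port is p1*256 + p2.
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

class Endpoint(NamedTuple):
    host: str
    port: int

def data_endpoint(line: str) -> Endpoint:
    """Host:port a data connection will use, from one control-channel line."""
    s = line.strip()
    if not (s.startswith("227") or s.upper().startswith("PORT ")):
        raise ValueError(f"no data endpoint in {line!r}")
    m = _SIX.search(s)
    if m is None:
        raise ValueError(f"malformed address in {line!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"value out of range in {line!r}")
    h1, h2, h3, h4, p1, p2 = nums
    return Endpoint(f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)

def audit_transcript(lines, tunnel_host, tunnel_port):
    """Pair each announced data endpoint with whether it is the local SSH
    forward (tunnel_host:tunnel_port). Only connections to that listener are
    encrypted; every other endpoint is reached directly, in the clear."""
    out = []
    for line in lines:
        try:
            ep = data_endpoint(line)
        except ValueError:
            continue  # USER, PASS, LIST and most replies carry no endpoint
        out.append((ep, ep.host == tunnel_host and ep.port == tunnel_port))
    return out

# Constructed control-channel sample for a client that ran
# "ssh -L 2121:ftp.example.net:21 gateway" and opened ftp 127.0.0.1 2121
# (addresses and names are made up for the example).
SAMPLE_SESSION = [
    "220 ftp.example.net FTP server ready.",
    "PASS hunter2",                                 # goes through the tunnel
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # server's own address
    "PORT 198,51,100,7,4,1",                        # client's own address
    "200 PORT command successful.",
]
```

Running `audit_transcript(SAMPLE_SESSION, "127.0.0.1", 2121)` reports both data endpoints as outside the tunnel, which is why the password is protected but every file transfer still crosses the network unencrypted.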