Date: Tue, 16 Oct 2001 14:13:07 -0700 (PDT) From: Tim Erlin <tperlin@yahoo.com> To: scott@gerhardt-it.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ftp security Message-ID: <20011016211307.12345.qmail@web11708.mail.yahoo.com> In-Reply-To: <3BCC9F3D.B91ADBB3@gerhardt-it.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You're probably right, but, again, the only way to be *sure*... --Tim --- Scott Gerhardt <scott@gerhardt-it.com> wrote: > Thanks Tim, > > Wouldn't a complete reinstall be overkill when it > only "appears" that > someone put some mysterious files in an anonymous > ftp incoming > directory? > > It's not like someone cracked into the system, > putting files in > /var/ftp/pub/incoming is normal. Unless, the ftpd > that comes with > FreeBSD 4.4-Release has a gaping security hole I > don't know about. > > The default ftpd that comes with FreeBSD chroot's > anonymous users and > has builtin commands so it should be quite secure, > right? > > > - Scott > > > > > > > Tim Erlin wrote: > > > > You'll see on this list numerous times the > caveat(or > > something similar): "Once a box has been > compromised, > > there is no way other than a complete re-install > to be > > sure that you have fixed/cleaned/removed the > damage > > done." > > > > If you're paranoid, this would be such a case, I > would > > think. > > > > --Tim > > > > --- Scott Gerhardt <scott@gerhardt-it.com> wrote: > > > I just set up a FreeBSD 4.4-Release box and > enabled > > > anonymous ftp during > > > the install. > > > > > > Within 24 hours I noticed a "/Tagged/by/PS2H/" > > > directory under > > > /var/ftp/pub/incoming. > > > > > > I couldn't find any good documentation on this, > but > > > came accross lots of > > > other "Tagged" ftp sites when doing a google > search > > > on "ftp incoming > > > tagged". > > > > > > My conclusion is that this is a common thing and > is > > > only slightly > > > malicous to the extent of ftp uploads consuming > disk > > > space. I would > > > guess it is just script kiddies trying to find a > > > place to store porn. Am > > > I correct? > > > > > > Since I don't need anonymous uploads enabled, I > did > > > the following: > > > 1.) Deleted everything under /var/ftp/pub > including > > > /incoming > > > 2.) Turned on ftpd logging verbose '-l -l' > > > > > > > > > With logging on I noticed that there are still > > > anonymous requests to > > > create "@@Tagged@@_" directories. > > > > > > > > > Is there anything else I should know? > > > > > > > > > - Paranoid > > > > > > > > > -- > > > ------------------------------------ > > > Scott Gerhardt, P.Geo. > > > Gerhardt Information Technologies > > > > > > To Unsubscribe: send mail to > majordomo@FreeBSD.org > > > with "unsubscribe freebsd-questions" in the body > of > > > the message > > > > __________________________________________________ > > Do You Yahoo!? > > Make a great connection at Yahoo! Personals. > > http://personals.yahoo.com > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body > of the message > > -- > ------------------------------------ > Scott Gerhardt, P.Geo. > Gerhardt Information Technologies > 306.227.5290 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of > the message __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011016211307.12345.qmail>