Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: Security matters: keep thy doors closed!

by Aristotle (Chancellor)
on Jun 15, 2002 at 03:01 UTC ( [id://174782]=note: print w/replies, xml ) Need Help??


in reply to Security matters: keep thy doors closed!

One thing I'd like to mention is that I consider FTP useless for anything but anonymous access, for the same reason Telnet is - they're both unencrypted protocols.

There are also a handful of FTP daemons that have been written explicitly for anonymous access exclusively and will present very little if any vulnerability. (The one I'm thinking (but don't remember the name) of doesn't contain a single file write call in the entire source, runs chrooted and drops root priviledges as soon as it has a connection before it reads a single byte from the connection.)

Even so, making FTP work poses numerous problems to a firewall due to the way the protocol is set up, with the separation between data and control connections. It really is time to let this dinosaur die.

Makeshifts last the longest.

  • Comment on Re: Security matters: keep thy doors closed!

Replies are listed 'Best First'.
Re: Re: Security matters: keep thy doors closed!
by belden (Friar) on Jun 17, 2002 at 16:51 UTC
    ...The one I'm thinking of (but don't remember the name)...

    There's probably a lot of these- it could be pureftpd that you're thinking of (or it could be something else!)

    From their splash page:

    Pure-FTPd is actively supported, and it was always designed with security in mind, and the code is always re-audited as new kind of vulnerabilities are discussed. Unlike other popular FTP servers, the number of root exploits found since the very first released version is zero.

    blyman
    setenv EXINIT 'set noai ts=2'

[reply]
      No actually, while pureftpd is good, it wasn't what I meant. This daemon had anon-something or other in its name and didn't facilitate any other than anonymous logins at all. It was explicitly written to run anon-FTP servers only with an absolute minimum amount of code. Can probably be found via freshmeat..

      Makeshifts last the longest.

[reply]
        Aha - no surprise that also in the ftp-daemon writing community TMTOWTDI :)

        blyman

[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://174782]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (3)
As of 2024-04-19 21:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found