From owner-freebsd-questions Tue Oct 16 14: 7:49 2001 Delivered-To: freebsd-questions@freebsd.org Received: from femail8.sdc1.sfba.home.com (femail8.sdc1.sfba.home.com [24.0.95.88]) by hub.freebsd.org (Postfix) with ESMTP id 1917C37B40E for ; Tue, 16 Oct 2001 14:07:44 -0700 (PDT) Received: from gerhardt-it.com ([24.71.180.125]) by femail8.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20011016210738.GHUG11405.femail8.sdc1.sfba.home.com@gerhardt-it.com>; Tue, 16 Oct 2001 14:07:38 -0700 Message-ID: <3BCCA414.477CCC8A@gerhardt-it.com> Date: Tue, 16 Oct 2001 15:18:12 -0600 From: Scott Gerhardt Reply-To: scott@gerhardt-it.com Organization: Gerhardt Information Technologies X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19-7.0.1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Sol Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ftp security References: <20011016195434.58399.qmail@web11705.mail.yahoo.com> <3BCC9F3D.B91ADBB3@gerhardt-it.com> <20011016175057.A19266@underzen.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG There was an /incoming/Taggeg/by/PS2H/ directory with nothing in it Sol wrote: > > Hi, > > I've had this sort of thing happen myself. Both times it turned out to be pirates that basically "wardial" looking for anonymous ftp sites with decent badwidth to host their "warez". They'll use it until you discover them stealing the bandwidth and then move on. Whether or not you want to reinstall is determined by your paranoia and/or security policies. Did you discover what the files were? > > -- > Sol > > Somewhere around Tue, Oct 16, 2001 at 02:57:33PM -0600, Scott Gerhardt wrote: > > Thanks Tim, > > > > Wouldn't a complete reinstall be overkill when it only "appears" that > > someone put some mysterious files in an anonymous ftp incoming > > directory? > > > > It's not like someone cracked into the system, putting files in > > /var/ftp/pub/incoming is normal. Unless, the ftpd that comes with > > FreeBSD 4.4-Release has a gaping security hole I don't know about. > > > > The default ftpd that comes with FreeBSD chroot's anonymous users and > > has builtin commands so it should be quite secure, right? > > > > > > - Scott > > -- ------------------------------------ Scott Gerhardt, P.Geo. Gerhardt Information Technologies 306.227.5290 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message