Date:      Sun, 4 Jan 2004 02:27:16 +0100 (CET)
From:      "Julian Stacey" <jhs@berklix.org>
To:        freebsd-isp@freebsd.org
Cc:        Norbert Poellmann <np@bsn.com>
Subject:   ftpd -r insufficient to protect from writing
Message-ID:  <200401040127.i041RG9q006665@lobo.ewinter.org>

Hi freebsd-isp@freebsd.org people

Has anyone seen systems running with an inetd.conf entry of
        ftpd -l -r
where crackers get in & write quantities of crap in pub/        ?

I saw similar maybe 6 months ago, & again recently on another 
machine.  I'm not sure then if I had -r.  Again not quite sure if
I had a previous "-r" on the latest attacked host, (a co-admin got
in before me & turned access off, so not certain of precise original
parameters to ftpd)

Is the standard libexec/ftpd considered insecure ?
Should one be running something else, EG /usr/ports/ftp/lukemftpd ?

-
Julian Stacey.  Unix C & Net Services Consultant - Munich.  http://berklix.com
                Mail in Ascii/ plain text:  HTML is Spam dumped.
  Try snuff:  Your smoking = my allergic headache !
  Software patents: Vampires would approve:  http://berklix.com/jhs/patents


