From: Paulette McGee
To: Bill Moran, Vizion
Cc: freebsd-questions@freebsd.org
Date: Tue, 6 Mar 2007 15:13:04 -0800 (PST)
Subject: Re: ftp set up

--- Bill Moran wrote:

> Please wrap your lines around 72 characters.
>
> In response to Vizion:
>
> > I wonder if someone could point me to a reliable detailed resource
> > for configuring an ftp server on freebsd 6.1 for both incoming and
> > outgoing files (including anonymous ftp).
> >
> > I do not want anonymous uploaders to view existing file names in
> > ftp/incoming or be able to download from incoming. I want the
> > server as secure as is reasonably practicable. The notes in the
> > freebsd handbook are not really comprehensive enough for me.
>
> Please don't do this. Please don't even try.
>
> Never try to use the word "secure" in the same sentence as "ftp".
> They don't fit in the same sentence.
>
> Set up ssh, then have Windows users use WinSCP.
>
> Let me tell a little story. A few years back I was asked to set up
> "secure ftp" for a client. I argued, but he insisted, and "the
> customer is always right", so I set it up for him.
>
> The plan, to keep it secure, was to enable the FTP server when it was
> needed, and disable it when the transfer was complete.
>
> Well, one day he forgot to turn it off. A few weeks later he went to
> enable it for another transfer and noticed a bunch of files on the
> server he didn't recognize.
>
> Someone had guessed the password and was using his FTP server to
> transfer files of a most unsavory nature.
>
> After we destroyed the files, changed the passwords, etc -- he
> decided to keep using the FTP (in spite of the incident). The only
> problem, he argued, was that we'd forgot to turn it off.
>
> But the crook now had our address. The next time he enabled that
> server, it wasn't more than a few hours before the crook was using it
> to move around his files again. The guy must have set up some
> monitoring to alert him when the FTP site came up, then he either had
> a sniffer to get the password or he was able to brute-force it really
> fast.
>
> I tell that story when people tell me that the data they're
> transferring isn't sensitive, and therefore using FTP isn't a
> security risk. It still is. The only time it's OK to use FTP is when
> it's download only and the files are publicly available. Any other
> time, FTP is a liability.
>
> --
> Bill Moran
> http://www.potentialtech.com

Just an informational bit for the Windows users that will transfer
files:

WinSCP
http://winscp.net/eng/index.php

FileZilla
http://filezilla.sourceforge.net/

Portable FileZilla
http://portableapps.com/

PS: The portable version of FileZilla doesn't require an install on
Windows.