Date:      Thu, 13 Sep 2001 15:13:46 +0200 (CEST)
From:      "P. U. (Uli) Kruppa" <root@pukruppa.de>
To:        Ted Mittelstaedt <tedm@toybox.placo.com>
Cc:        Giorgos Keramidas <charon@labs.gr>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: anonymous-ftp cracked
Message-ID:  <20010913143443.F7629-100000@pukruppa.de>
In-Reply-To: <001501c13c0c$7d077780$1401a8c0@tedm.placo.com>

First of all: Thanks for all your answers!

I think I have to explain something:
I do not run an ISP, I am not an experienced administrator
of some sort of big network. I was just shocked that
someone was able to push 625 MB of trash onto my entirely
private computer - I do not even have a static IP! I simply
hired a cheap DSL-connection, like some million other people
will in the next years - and also got some new problems I
never had to think about before.

I think it is nice to have anonymous upload, because I do
not have to leave passwords to other people or on other
people's computers.
I set incoming to wx and will have a close look at
# df -h
sometimes. My system is small enough to see if strange
things are going on.

Sorry for cross-posting freebsd-current. I thought it might
be some sort of security-hole.


Uli.



On Wed, 12 Sep 2001, Ted Mittelstaedt wrote:

> Date: Wed, 12 Sep 2001 21:28:07 -0700
> From: Ted Mittelstaedt <tedm@toybox.placo.com>
> To: Giorgos Keramidas <charon@labs.gr>,
>      "P. U. (Uli) Kruppa" <root@pukruppa.de>
> Cc: current@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
> Subject: RE: anonymous-ftp cracked
>
> >-----Original Message-----
> >From: owner-freebsd-questions@FreeBSD.ORG
> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Giorgos
> >Keramidas
> >
> >Another common thing done in writable incoming/ directories is to create a
> >file of fixed size, say 100 Mb, and use vnconfig to mount this file as the
> >incoming/ directory of an FTP server.  Then there's only about 100 Mb of
> >space available in your incoming/ and nobody can store tons of data in there,
> >wasting your disk space until disks are full.
> >
>
> Hi Uli and Giorgos,
>
>   I've had a bit of experience with this sort of thing and I have to say that
> nobody should be running an open FTP server that allows uploading to anyone
> unless they are willing to take the time to monitor it - and I mean every
> day, preferably several times a day.
>
> 100MB is plenty of space for some jerk to upload his collection
> of Sally SpreadEagle in all her silicon glory.  If that happens
> you're going to find every bit of outbound bandwidth you have completely
> saturated.  If you're unlucky enough to have your FTP server at an
> ISP you may find yourself fined heavily (i.e., overage charges).
>
>   Some people have a little script that runs out of cron and diffs the
> output of ls against the previous run and e-mails the maintainer when new
> files show up, others simply check by eye.  Whatever works for you is fine,
> but don't think that you can just put out public storage for anyone to use
> as they see fit and just ignore it anymore.
>
>
> Ted Mittelstaedt                                       tedm@toybox.placo.com
> Author of:                           The FreeBSD Corporate Networker's Guide
> Book website:                          http://www.freebsd-corp-net-guide.com
>
>
>

*--------------------------------------*
|  www.pukruppa.de       www.2000d.de  |
|          Wuppertal - Germany         |
*--------------------------------------*
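
The cron check Ted describes above (compare the current listing of incoming/ with the previous run and mail the maintainer when new files show up), as an added example that is not code from anyone in this thread. The function names, the `INCOMING`, `STATE` and `MAILTO_ADDR` variables, the default state-file path and the crontab paths are assumptions.

```sh
#!/bin/sh
# Added example: report files that appeared in an anonymous-FTP incoming/
# directory since the last run. Run it as a user that can read incoming/
# (the ftp user cannot when the directory is write-only).

# list_files DIR: sorted paths of regular files under DIR, one per line.
# Upload names are chosen by strangers, so non-printable bytes become '?'
# before the names can reach a terminal or mail reader. A name containing a
# newline is split over two lines but is still reported as new.
list_files() {
    find "$1" -type f -print | LC_ALL=C tr -c '[:print:]\n' '?' | LC_ALL=C sort
}

# new_uploads DIR STATE: print paths that are present now but missing from
# the previous listing saved in STATE, then save the current listing.
# On the very first run STATE is empty, so every file is reported.
new_uploads() {
    dir=$1
    state=$2
    cur=$(mktemp "${TMPDIR:-/tmp}/incoming.XXXXXX") || return 1
    list_files "$dir" > "$cur"
    [ -f "$state" ] || : > "$state"
    LC_ALL=C comm -13 "$state" "$cur"   # lines only in the new listing
    mv "$cur" "$state"
}

# report DIR STATE: message body for the maintainer; empty when nothing new.
report() {
    new=$(new_uploads "$1" "$2") || return 1
    [ -n "$new" ] || return 0
    used=$(du -sk "$1" | awk '{print $1}')
    printf 'New files in %s (%s KB now in use):\n%s\n' "$1" "$used" "$new"
}

# Only act when INCOMING is set, e.g. from a crontab line (assumed paths):
#   */30 * * * * INCOMING=/var/ftp/incoming /usr/local/sbin/ftpwatch.sh
if [ -n "${INCOMING:-}" ]; then
    body=$(report "$INCOMING" "${STATE:-/var/db/ftp-incoming.list}")
    [ -z "$body" ] || printf '%s\n' "$body" |
        mail -s "ftp incoming: new files" "${MAILTO_ADDR:-root}"
fi
```

Deleted files are not reported; the listing only tracks what is new, and the `du` figure gives the same at-a-glance view of growth as checking `df -h` by hand.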

