Date: Thu, 13 Sep 2001 15:13:46 +0200 (CEST)
From: "P. U. (Uli) Kruppa"
To: Ted Mittelstaedt
Cc: Giorgos Keramidas
Subject: RE: anonymous-ftp cracked

First of all: Thanks for all your answers!

I think I have to explain something:
I do not run an ISP, I am not an experienced administrator of some sort of big network. I was just shocked that someone was able to push 625 MB of trash onto my entirely private computer - I do not even have a static IP!
I simply hired a cheap DSL-connection, like some million other people will in the next years - and also got some new problems I never had to think about before.

I think it is nice to have anonymous upload, because I do not have to leave passwords to other people or on other people's computers.

I set incoming to wx and will have a close look at
    # df -h
sometimes. My system is small enough to see if strange things are going on.

Sorry for cross-posting freebsd-current. I thought it might be some sort of security-hole.

Uli.

On Wed, 12 Sep 2001, Ted Mittelstaedt wrote:

> Date: Wed, 12 Sep 2001 21:28:07 -0700
> From: Ted Mittelstaedt
> To: Giorgos Keramidas,
>     "P. U. (Uli) Kruppa"
> Cc: current@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
> Subject: RE: anonymous-ftp cracked
>
> >-----Original Message-----
> >From: owner-freebsd-questions@FreeBSD.ORG
> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Giorgos
> >Keramidas
> >
> >Another common thing done in writable incoming/ directories is to create a
> >file of fixed size, say 100 Mb, and use vnconfig to mount this file as the
> >incoming/ directory of an FTP server. Then there's only about 100 Mb of
> >space available in your incoming/ and nobody can store tons of data in there,
> >wasting your disk space until disks are full.
> >
>
> Hi Uli and Giorgos,
>
> I've had a bit of experience with this sort of thing and I have to say that
> nobody should be running an open FTP server that allows uploading to anyone
> unless they are willing to take the time to monitor it - and I mean every
> day, preferably several times a day.
>
> 100MB is plenty of space for some jerk to upload his collection
> of Sally SpreadEagle in all her silicon glory. If that happens
> you're going to find every bit of outbound bandwidth you have completely
> saturated. If you're unlucky enough to have your FTP server at an
> ISP you may find yourself fined heavily (i.e., overage charges).
>
> Some people have a little script that runs out of cron and diffs the
> output of ls against the previous run and e-mails the maintainer when new
> files show up, others simply check by eye. Whatever works for you is fine,
> but don't think that you can just put out public storage for anyone to use
> as they see fit and just ignore it anymore.
>
>
> Ted Mittelstaedt                      tedm@toybox.placo.com
> Author of:          The FreeBSD Corporate Networker's Guide
> Book website:         http://www.freebsd-corp-net-guide.com
>
>

*--------------------------------------*
|  www.pukruppa.de       www.2000d.de  |
|         Wuppertal - Germany          |
*--------------------------------------*
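
The cron check described in the quoted message above, written out as an added example (it is not code from anyone in this thread). It lists incoming/ recursively with find rather than plain ls so that newly created sub-directories are caught too; the /var/ftp/incoming path, the state-file location and the "root" recipient are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. The incoming/ path, state-file path
# and mail recipient are assumptions; adjust them for your site.

# new_uploads DIR STATE
# Print entries under DIR that were absent from the previous snapshot, then
# store the current snapshot in STATE. The first run reports everything.
# Keep STATE outside the FTP tree so uploaders can neither see nor alter it.
new_uploads() {
    dir=$1 state=$2
    cur=$(mktemp "${TMPDIR:-/tmp}/incoming.XXXXXX") || return 2
    # Recursive listing relative to DIR; C locale keeps the sort stable.
    (cd "$dir" && find . ! -name . | LC_ALL=C sort) > "$cur" ||
        { rm -f "$cur"; return 2; }
    [ -f "$state" ] || : > "$state"
    # diff prefixes lines found only in the new listing with "> ".
    diff "$state" "$cur" | sed -n 's/^> //p'
    mv "$cur" "$state"
}

# report DIR STATE
# Write a mail body to stdout. Exit status: 0 new entries, 1 none, 2 error.
report() {
    new=$(new_uploads "$1" "$2") || return 2
    [ -n "$new" ] || return 1
    printf 'New entries in %s:\n%s\n\n' "$1" "$new"
    printf 'Space used (KB): %s\n' "$(du -sk "$1" | cut -f1)"
}

# Cron entry point, e.g.:  ftp-watch.sh /var/ftp/incoming
if [ "$#" -ge 1 ]; then
    if body=$(report "$1" "${2:-/var/db/ftp-incoming.list}"); then
        printf '%s\n' "$body" | mail -s "FTP incoming: new uploads" root
    fi
fi
```

Mail is sent only when something new has appeared, so a quiet directory produces no messages; a file name containing a newline would show up as two entries in the report.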