From owner-freebsd-questions Wed Oct 17 7:38:15 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mta03.mail.mel.aone.net.au (mta03.mail.au.uu.net [203.2.192.83]) by hub.freebsd.org (Postfix) with ESMTP id 99F7337B407 for ; Wed, 17 Oct 2001 07:38:11 -0700 (PDT) Received: from ausyddtp0050.ozemail.com.au ([203.166.66.104]) by mta03.mail.mel.aone.net.au with ESMTP id <20011017143810.UFQG15297.mta03.mail.mel.aone.net.au@ausyddtp0050.ozemail.com.au>; Thu, 18 Oct 2001 00:38:10 +1000 Message-Id: <5.1.0.14.2.20011018002559.039e97a0@pop.ozemail.com.au> X-Sender: rbyrnes@pop.ozemail.com.au X-Mailer: I wish it was Linux Date: Thu, 18 Oct 2001 00:28:36 +1000 To: scott@gerhardt-it.com From: Rob B Subject: Re: ftp security Cc: Sol , freebsd-questions@FreeBSD.ORG In-Reply-To: <3BCCA414.477CCC8A@gerhardt-it.com> References: <20011016195434.58399.qmail@web11705.mail.yahoo.com> <3BCC9F3D.B91ADBB3@gerhardt-it.com> <20011016175057.A19266@underzen.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 07:18 17/10/2001, Scott Gerhardt wrote: >There was an /incoming/Taggeg/by/PS2H/ directory with nothing in it "Tagging" an anonymous ftp server means that the IP address has been recorded for later uploading (upping) by this kiddy or someone in the fxp group. Basically, you've been tagged once and the IP address published on a board somewhere, and now every opther wanna-be l33t HaXoR wants a bit of space on your box, so they'll try and tag you as well. Cheers, Rob >Sol wrote: > > > > Hi, > > > > I've had this sort of thing happen myself. Both times it turned > out to be pirates that basically "wardial" looking for anonymous ftp > sites with decent badwidth to host their "warez". They'll use it until > you discover them stealing the bandwidth and then move on. Whether or not > you want to reinstall is determined by your paranoia and/or security > policies. Did you discover what the files were? > > > > -- > > Sol > > > > Somewhere around Tue, Oct 16, 2001 at 02:57:33PM -0600, Scott Gerhardt > wrote: > > > Thanks Tim, > > > > > > Wouldn't a complete reinstall be overkill when it only "appears" that > > > someone put some mysterious files in an anonymous ftp incoming > > > directory? > > > > > > It's not like someone cracked into the system, putting files in > > > /var/ftp/pub/incoming is normal. Unless, the ftpd that comes with > > > FreeBSD 4.4-Release has a gaping security hole I don't know about. > > > > > > The default ftpd that comes with FreeBSD chroot's anonymous users and > > > has builtin commands so it should be quite secure, right? > > > > > > > > > - Scott > > > > >-- >------------------------------------ >Scott Gerhardt, P.Geo. >Gerhardt Information Technologies >306.227.5290 > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message -- Time is but the stream I go a-fishing in. This is random quote 1002 of a collection of 1164 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message