From owner-freebsd-security  Fri Dec  1  0:30:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP id 036E637B400
	for <freebsd-security@FreeBSD.ORG>; Fri,  1 Dec 2000 00:30:31 -0800 (PST)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.11.1/8.11.1) id eB18V4Y41662;
	Fri, 1 Dec 2000 00:31:04 -0800 (PST)
	(envelope-from kris)
Date: Fri, 1 Dec 2000 00:31:04 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: which ftpd
Message-ID: <20001201003104.A41598@citusc17.usc.edu>
References: <200012010823.JAA24840@gilberto.physik.rwth-aachen.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="rwEMma7ioTxnRzrJ"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200012010823.JAA24840@gilberto.physik.rwth-aachen.de>; from kuku@gilberto.physik.rwth-aachen.de on Fri, Dec 01, 2000 at 09:23:19AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Dec 01, 2000 at 09:23:19AM +0100, Christoph Kukulies wrote:
> I want to keep anonymous ftp on one of my machines but
> I'm not sure whether I should use wuftpd or the stock distributed
> ftpd. I want to have logging what users/sites are doing.
> But I want security also.

Never use wu-ftpd if you care about security. Use our stock ftpd
unless you need something it can't do, and in that case strongly
consider coding the needed functionality yourself before using another
ftpd. Basically all of the third party ftpds in ports have had
numerous security problems - the in-system one has been
vulnerability-free for quite a while now.

> The three-dot directories are normally used by intruder tools.
> I'm wondering if this was an attack or just a trial.

Upload point for warez kiddies, probably.

Kris
--rwEMma7ioTxnRzrJ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjonYcUACgkQWry0BWjoQKVgwQCgx3w0+QVggnU1uVxsnEyRQsZq
U6QAnjZiQRSHn4sqcty+nddAOm784MwO
=0Esv
-----END PGP SIGNATURE-----

--rwEMma7ioTxnRzrJ--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message