From owner-freebsd-security  Fri Dec  1  9:49:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP id 1EECA37B69D
	for <freebsd-security@FreeBSD.ORG>; Fri,  1 Dec 2000 09:49:23 -0800 (PST)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id KAA10757;
	Fri, 1 Dec 2000 10:49:08 -0700 (MST)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id KAA05714;
	Fri, 1 Dec 2000 10:49:07 -0700 (MST)
	(envelope-from nate)
From: Nate Williams <nate@yogotech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14887.58514.983118.454312@nomad.yogotech.com>
Date: Fri, 1 Dec 2000 10:49:06 -0700 (MST)
To: James Wyatt <jwyatt@rwsystems.net>
Cc: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>,
	freebsd-security@FreeBSD.ORG
Subject: Re: which ftpd
In-Reply-To: <Pine.BSF.4.10.10012010332310.42770-100000@bsdie.rwsystems.net>
References: <200012010823.JAA24840@gilberto.physik.rwth-aachen.de>
	<Pine.BSF.4.10.10012010332310.42770-100000@bsdie.rwsystems.net>
X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I've found the stock FreeBSD FTPd really good. It offers a chrooted
> account I've had to take the WUFTPd risk for before on Linux. If you
> turn-up the logging you can easily catch things like this. (btw: this
> looks like some warez d00dz building a nest. I've had it happen before and
> there have been some FTPd holes that required writable anon-ftp to work.)
> Using the FTPd xfer log, you can easily audit uploaded files and spot
> things like this. You can also have an automatic process watch the log 
> and move the files to a quarrantine area.

Do you have an example setup you could post to the list?  One of the
issues I'd like to have is an ftpd that allows uploads, but either moves
them or changes the permissions on them as soon as the files are
uploaded, to avoid having folks abuse the system for warez.

This and the ability to chroot ftpd easily would allow me to switch away
from my current ftpd daemon.

Having this in the archive may help further users as well...




Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message