Date: Wed, 25 Feb 2004 10:33:47 +0300
From: Gleb Smirnoff
To: Julian Stacey
Cc: freebsd-isp@freebsd.org, jhs@berklix.com, ewinter@ewinter.org, np@bsn.com
Subject: Re: ftpd loop hole ?
Message-ID: <20040225073347.GA83247@cell.sick.ru>
In-Reply-To: <200402250358.i1P3wZeC004091@fire.jhs.private>

On Wed, Feb 25, 2004 at 04:58:35AM +0100, Julian Stacey wrote:
J> Some bandwidth thief uploaded videos to my ~ftp/ for bootleggers to download.
...
J> /etc/master.passwd
J> ftp:*:14:5::0:0:Anonymous FTP tower.berklix:/usr1/ftp:/sbin/nologin
...
J> /etc/inetd.conf
J> ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -l

With the configuration described above, you have got an anonymous ftp login.

J> From man ftpd I can see & have added:
J> -M Prevent anonymous users from creating directories.

I do not see this in your inetd.conf. Since you have "-l -l", you can obtain
all needed information from log files.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
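
The check made in the reply above, as an added example that is not part of the original message: a POSIX shell function that reads a master.passwd and an inetd.conf and reports whether the ftp account exists, whether -M is on the ftpd command line, and how many -l flags it carries. The function name audit_ftpd, the output labels and the temporary sample files are assumptions of this example; it also assumes flags are not glued to option values.

```shell
#!/bin/sh
# Added example (not from the thread): audit an inetd-run FreeBSD ftpd.
# Usage: audit_ftpd PASSWD_FILE INETD_CONF   (prints one finding per line)
audit_ftpd() {
    passwd_file=$1
    inetd_conf=$2

    # ftpd offers anonymous login only when an account named "ftp" exists.
    if grep -q '^ftp:' "$passwd_file"; then
        echo "ftp-account: present"
    else
        echo "ftp-account: absent"
    fi

    # Fields 7+ of the active (uncommented) ftp line are ftpd's argv.
    argv=$(awk '$1 == "ftp" && $2 == "stream" {
        for (i = 7; i <= NF; i++) printf "%s ", $i; exit }' "$inetd_conf")
    if [ -z "$argv" ]; then
        echo "ftpd: not enabled in inetd.conf"
        return 0
    fi

    mkdir_blocked=no
    log_level=0
    for a in $argv; do
        case $a in
            -*) ;;           # a flag cluster such as -l or -lM
            *) continue ;;   # argv[0] or an option's value
        esac
        case $a in *M*) mkdir_blocked=yes ;; esac
        # Count each "l": "-l -l" and "-ll" both give level 2, which adds
        # file operations and their filenames to the session log.
        ells=$(printf '%s' "$a" | tr -cd 'l')
        log_level=$((log_level + ${#ells}))
    done

    echo "anon-mkdir-blocked: $mkdir_blocked"
    echo "log-level: $log_level"
}

# Constructed sample files holding the two lines quoted in the thread.
demo_dir=$(mktemp -d)
echo 'ftp:*:14:5::0:0:Anonymous FTP tower.berklix:/usr1/ftp:/sbin/nologin' > "$demo_dir/master.passwd"
echo 'ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -l' > "$demo_dir/inetd.conf"
audit_ftpd "$demo_dir/master.passwd" "$demo_dir/inetd.conf"
```

On the quoted configuration this reports the ftp account as present, anon-mkdir-blocked as no, and log-level 2.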