Date:      Fri, 1 Dec 2000 09:23:19 +0100 (CET)
From:      Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
To:        freebsd-security@freebsd.org
Subject:   which ftpd
Message-ID:  <200012010823.JAA24840@gilberto.physik.rwth-aachen.de>

I want to keep anonymous ftp on one of my machines but
I'm not sure whether I should use wuftpd or the stock distributed
ftpd. I want to have logging of what users/sites are doing.
But I want security also.

I just discovered a bunch of suspicious files and directories
in my incoming directory:
drwxrwx-wx root/staff        0 Nov 28 19:45 2000 incoming/
drwxr-xr-x ftp/staff         0 Jul 31 00:04 2000 incoming/sm/
drwxr-xr-x ftp/staff         0 Aug 14 16:44 2000 incoming/. XFer/
drwxr-xr-x ftp/staff         0 Aug 14 16:50 2000 incoming/j/
drwxr-xr-x ftp/staff         0 Aug 21 04:15 2000 incoming/~tmp./
drwxr-xr-x ftp/staff         0 Aug 21 04:16 2000 incoming/.../
drwxr-xr-x ftp/staff         0 Nov  7 02:50 2000 incoming/.../ .sys/
-rw-r--r-- ftp/staff       937 Nov  7 02:49 2000 incoming/.../ .sys/eth-mmad.sfv
-rw-r--r-- ftp/staff  15000000 Nov  7 02:50 2000 incoming/.../ .sys/eth-mmad.r00
-rw-r--r-- ftp/staff   6307200 Nov  7 02:51 2000 incoming/.../ .sys/eth-mmad.r01
drwxr-xr-x ftp/staff         0 Sep 21 17:45 2000 incoming/test345/
drwxr-xr-x ftp/staff         0 Oct 20 01:14 2000 incoming/ .   test345/
-rw-r--r-- ftp/staff   1000000 Oct 20 01:14 2000 incoming/ .   test345/1MB
drwxr-xr-x ftp/staff         0 Nov 14 07:22 2000 incoming/ngf/
drwxr-xr-x ftp/staff         0 Nov 20 00:04 2000 incoming/asd/
drwxr-xr-x ftp/staff         0 Nov 21 11:32 2000 incoming/_ax/

The three-dot directories are normally used by intruder tools.
I'm wondering if this was an attack or just a trial.

It seems I didn't block creating directories, otherwise it wouldn't have
been possible to create that, but I'm wondering if this is possible
to disallow under the stock ftpd.


-- 
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
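
An added example, not part of the original message: a Python sketch that walks an anonymous-upload area and flags the kinds of names visible in the listing above (dot-only names such as "...", names with leading or trailing whitespace, dot-prefixed names). The function names, the rule set and the sample tree are assumptions made for this example; the sample tree is constructed from directory names in the listing.

```python
import os
import tempfile


def suspicious_reason(name):
    """Return why an entry name looks deliberately hidden, or None if it looks ordinary."""
    if any(ord(c) < 32 or ord(c) == 127 for c in name):
        return "control character in name"
    if name != name.strip():
        return "leading or trailing whitespace"
    if set(name) <= {".", " "}:
        return "only dots and spaces"  # "..." is easily mistaken for "." or ".."
    if name.startswith("."):
        return "dot-prefixed (not shown by plain ls)"
    return None


def scan_upload_area(root):
    """Walk root and return sorted (relative_path, reason) pairs for flagged entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reason = suspicious_reason(name)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, reason))
    return sorted(findings)


# Constructed sample tree; the names are copied from the listing in the message.
SAMPLE_DIRS = ["sm", ". XFer", "j", "...", os.path.join("...", " .sys"),
               "test345", " .   test345", "ngf"]


def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for d in SAMPLE_DIRS:
            os.makedirs(os.path.join(root, d))
        return scan_upload_area(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path!r}: {reason}")  # repr() makes the hidden spaces visible
```

Run from cron against the real incoming directory, a non-empty result is a cue to check the transfer log for who created the entries.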

