ftpd -r insufficient to protect from writing
Julian Stacey
jhs at berklix.org
Sat Jan 3 17:27:34 PST 2004
Hi freebsd-isp at freebsd.org people
Has anyone seen systems running with an inetd.conf entry of
ftpd -l -r
where crackers get in & write quantities of crap in pub/ ?
I saw similar maybe 6 months ago, & again recently on another
machine. I'm not sure then if I had -r. Again not quite sure if
I had a previous "-r" on the latest attacked host, (a co-admin got
in before me & turned access off, so not certain of precise original
parameters to ftpd)
Is the standard libexec/ftpd considered insecure ?
Should one be running something else, EG /usr/ports/ftp/lukemftpd ?
-
Julian Stacey. Unix C & Net Services Consultant - Munich. http://berklix.com
Mail in Ascii/ plain text: HTML is Spam dumped.
Schnupftabak probieren: Ihr Rauchen = mein allergischer Kopfschmerz !
Software patents: Vampires would approve: http://berklix.com/jhs/patents
More information about the freebsd-isp
mailing list