North American Network Operators Group

Re: Information from an FTP violation this weekend

  • From: Roger Marquis
  • Date: Wed Apr 25 17:24:41 2001

"Jade E. Deane" <[email protected]> wrote:
> > > We have an ftp site running on 209.123.52.40 that is made writable at
> > > certain periods of time for anonymous users.  Some of our customer's
> 
> How pointless is this mail-list?

I think the point was (inadvertently made) that this site
(209.123.52.40, NAC-NETBLK02, nac.net, running NEPTUNE Microsoft
FTP) has a security problem.

It is not standard practice to have listable AND writable directories
on anonymous ftp servers.  If customers need to upload files they
should also have individual directories under an unreadable directory
tree, i.e.,

	/upload/a9-ns/custX
	/upload/0igm19/custY
	...

In this case none of the directories under /pub should be listable
except perhaps //custX.  Whether or not //custX needs to be
listable depends on the technical skills of the customer.

It is also standard practice to keep detailed logs of all ftp access
and monitor, run IDS, and report on those periodically.  Since
this is not typically practical using Microsoft software it looks
like a straightforward case of 3 strikes you're hacked.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
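
The drop-box layout described in the message above, as an added example that is not part of the original post: it builds an unlistable /upload tree with a random path component per customer and audits a tree for directories that are both listable and writable. It assumes a Unix-style FTP root where the "other" permission bits stand in for the anonymous user; the function names and the stricter choice of making custX itself unlistable are assumptions of the example.

```python
import os
import secrets
import stat
import tempfile


def make_dropbox(root, customers):
    """Create root/upload/<random>/<customer>; nothing on the path is listable."""
    upload = os.path.join(root, "upload")
    os.makedirs(upload, exist_ok=True)
    os.chmod(upload, 0o711)          # others may traverse, not list
    paths = {}
    for cust in customers:
        hidden = os.path.join(upload, secrets.token_hex(4))  # unguessable component
        os.mkdir(hidden)
        os.chmod(hidden, 0o711)      # hides the customer name below it
        drop = os.path.join(hidden, cust)
        os.mkdir(drop)
        os.chmod(drop, 0o733)        # others may write and traverse, not list
        paths[cust] = drop
    return paths


def audit(root):
    """Return directories under root that others can both list (r) and write (w)."""
    flagged = []
    for dirpath, _dirs, _files in os.walk(root):
        mode = stat.S_IMODE(os.stat(dirpath).st_mode)
        if mode & stat.S_IROTH and mode & stat.S_IWOTH:
            flagged.append(dirpath)
    return sorted(flagged)


if __name__ == "__main__":
    root = tempfile.mkdtemp()        # constructed scratch tree, not a real FTP root
    for cust, path in make_dropbox(root, ["custX", "custY"]).items():
        print(cust, "->", os.path.relpath(path, root))
    # A world-listable, world-writable directory like the one in the thread:
    incoming = os.path.join(root, "pub")
    os.mkdir(incoming)
    os.chmod(incoming, 0o777)
    print("listable AND writable:", audit(root))
```

Each customer is given only their own full path; running `audit` from cron against the real FTP root catches a directory that has been left open after an upload window.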