Bugtraq mailing list archives
Re: your mail
From: cklaus () shadow net (Christopher Klaus)
Date: Mon, 16 May 94 18:48:01 EDT
Steven C. Blair wrote : || || John MacDonald says: ***^***** Macdonald || || There is one advantage in doing this sort of thing. There is || a powerful security advantage in having many off-site copies || of the ls-lR+hash file. It is *really* hard for to cracker || to spoof a change to an existing file || || If folks would quit using writable directories in their hierarchies then the || problem goes away. There are few to NO compelling reasons with my years of || experience that justify writable directories in anonymous FTP. You're just || asking for trouble, with a big "T". || || If you must justify having a writable directory that is FTp reachable from an || external network, either use a seperate login with a one-time passwd that is || changed mutually by both parties on your sites' end, or learn the || intricacies(sp?) of WU-FTPD which can prevent a lot of problems. That is a separate issue. Having checksums, and making it difficult to hide the existance of a change by maintaining external copies of the expected value of the checksum is a valuable tool for discovering that a breach has occurred. Getting the permissions right can prevent many types of such breaches.
Not only do some sites have FTP writable directories, but many of the FTP sites have other security vulnerabilities, that allow an intruder get in. So, even if the admin set up FTP correctly, it wont help much if an intruder has root on the FTP machine. If FTP clients had automatical checksum checker that could compare with the FTP server, people would be able to easily test if the checksums have been messed with or not. The intruder would need to modify all the copies kept on archie, etc. By having this checksum ability, this will stop breaches or trojans that get entered into the public AFTER the author has released his program. This will not stop breaches or trojans that get implemented into the author's own version and then gets distributed. Atleast then, we would know where the trojan was 1st introduced. -- Christopher William Klaus <cklaus () shadow net> <iss () shadow net> Internet Security Systems, Inc. 2209 Summit Place Drive,Dunwoody GA 30350-2430. (404)998-5871.
Current thread:
- Re: trojans on ftp sites der Mouse (May 14)
- Re: trojans on ftp sites Peter Deutsch (May 14)
- <Possible follow-ups>
- Re: trojans on ftp sites Paul Robinson (May 14)
- Re: your mail Christopher Klaus (May 14)
- Re: trojans on ftp sites smb () research att com (May 14)
- Re: your mail John Macdonald (May 16)
- Re: your mail Steven C. Blair (May 16)
- Re: your mail John Macdonald (May 16)
- Re: your mail Christopher Klaus (May 16)
- Re: your mail Adam Shostack (May 16)
- Re: your mail John Macdonald (May 16)
- Checksums in FTP servers. Scott Northrop (May 16)