Re: ano () ano com ftpd dip.t-dialin.net

["Rainer Duffner" <rainer () ultra-secure de>]

Ralf G. R. Bergs writes: 

> On Wed, 06 Nov 2002 16:50:13 -0500, Owen McCusker wrote: 
>
> [...]
> > Has anyone else seen this type of activity from dip.t-dialin.net
> > or dipsters for short. ;-)?

t-dialin.net is the domain under which surfers from Deutsche Telekom's 
T-Online service operate (though not exclusively, IIRC).
t-dialin also includes ADSL-lines, so there are likely to be some 
warez-d00dez behind them. 

> Sure, I see it all day. 
>
> What they're trying to achieve is determine whether you have an "open" 
> FTP 
> server which allows them to store "warez" and download them again. 
>
> A simple countermeasure against this is to give files that are uploaded 
> to your "incoming" directory permissions so that anonymous users can't 
> access them anymore. You can even prohibit them from reading the 
> directory's contents so that they don't even see which files are stored 
> inside the directory.

I haven't checked other platforms, but FreeBSD's ftpd allows for a 
"incoming-only" mode, where people can't get anything from your server.
If you must have uploads, think about using that.
As a bonus, you might be able to collect the dropped warez at the end of the 
business day without hassle ;-) 


cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer () ultra-secure de          Germany
http://www.i-duffner.de        Freising
========================================
   When shall we three meet again
 In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com