Security Basics mailing list archives

RE: FTP security question...


From: "The Crocodile" <tcroc () cow pasture com>
Date: Fri, 15 Nov 2002 22:03:32 -0500

Many of the remotely exploitable bugs found in FTPD programs require a
valid login to be able to overflow the buffer and thus exploit the
vulnerability.  If you have anon turned on and don't need it you leave
that avenue of attack open.  If for some reason you REQUIRE that it be
left open then do so.

Your best bet is: if you don't need it, close it.

The Crocodile
www.ghettohackers.net
www.pasture.com/~tcroc

-----Original Message-----
From: Mike Cain [mailto:mikec () lpinsurance com] 
Sent: Wednesday, November 13, 2002 12:09 PM
To: security-basics () lists securityfocus com
Subject: FTP security question...

I just came to work at a new company, and I have been doing the standard
auditing and such to see where the company stands from a security point
of view. Nothing looks as if it's been compromised in the past, which
should keep me from having to rebuild anything, but one thing I noticed
on my SSS scan of the outside interface on our proxy server, was that
Anonymous FTP is allowed. I know that's a no-no, but I looked closer,
and found that the FTP root was locked down. Meaning if I log in anon, I
can't mkdir, etc. What are the issues with that type of setup? Known
security risks? Thanks in advance.

PS: yes, I am searching Google as we speak with little to no effect.

 

Mike C

CCNA/CCNP/MCSE