Security Incidents mailing list archives

Re: big increase in ftp scanning

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Mon, 30 Oct 2000 13:38:31 -0500

On Sun, 29 Oct 2000, Ian Eure wrote:

somewhat OT, can someone recommend a more secure ftpd? it seems like
almost all of the ftp daemons had (have?) bad security problems.


there has been a port of the OpenBSD-ftpd to non-OpenBSD systems. it
suports PAM on Linux, or can bypass that for normal authentication
schemes. it supports chroot() for the anonmous user etc. i have not tried
it on anything but Linux.

http://www.eleves.ens.fr:8080/home/madore/programs/#prog_ftpd-BSD

get the latest version, it had a string format vulnerability akin to the
BSD FTPd.

jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Current thread:

Re: big increase in ftp scanning David Knaack (Nov 01)
- <Possible follow-ups>
- Re: big increase in ftp scanning Jose Nazario (Nov 01)
- Re: big increase in ftp scanning Eilon Gishri (Nov 01)
  - Re: big increase in ftp scanning Gregory A Lundberg (Nov 01)
    - Re: big increase in ftp scanning Russell Fulton (Nov 02)
- Re: big increase in ftp scanning Sean Michael Whipkey (Nov 01)
- Re: big increase in ftp scanning Greg Owen (Nov 01)
  - Re: big increase in ftp scanning Michael Bush (Nov 02)
  - Re: big increase in ftp scanning Christopher Malek (Nov 05)
- Re: big increase in ftp scanning Mike A. Harris (Nov 02)
  - Re: big increase in ftp scanning Thomas Molina (Nov 05)
  - Re: big increase in ftp scanning Daniel Roesen (Nov 08)

(Thread continues...)