PaulDotCom mailing list archives
Ideas for Securing my FTP Server
From: dninja at gmail.com (Robin Wood)
Date: Sun, 22 Mar 2009 20:48:10 +0000
2009/3/22 Shaun Curry <shauncurry1 at gmail.com>:
Well... I was up til 3am trying to get OpenBSD to work with a GNOME desktop environment (remember I come from a windows background).? I never got it to work so I have moved on to Ubuntu.? This should allow me to use daemonshield and some decent firewall software (maybe firestarter?!).
I've only skimmed some of this conversation but OpenBSD is mainly designed as a server OS so really shouldn't be running gnome and probably not even X. If you are building a server then for security you want as little installed and running on it as you can get away with. If you need to use a GUI to install or set something up then you may be best doing it on a test machine and then copying the config files across to your server rather than filling your server with GUIs. Robin
Also, I found a little something on Milw0rm about an exploit for serv-u ftp server. " A vulnerability is caused due to an input validation error when handling FTP "MKD" requests. This can be exploited to escape the FTP root and create arbitrary directory on the system via directory traversal attacks using the "\.." character sequence." http://www.milw0rm.com/exploits/8211 Thank you very much everyone for all your help!? This has been a lesson I will never forget. Shaun _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Ideas for Securing my FTP Server Shaun Curry (Mar 21)
- Ideas for Securing my FTP Server Larry McDonald (Mar 21)
- Ideas for Securing my FTP Server Raffi Jamgotchian (Mar 21)
- Ideas for Securing my FTP Server iamnowonmai (Mar 21)
- Ideas for Securing my FTP Server Pat Moloney (Mar 21)
- Ideas for Securing my FTP Server Shaun Curry (Mar 21)
- Ideas for Securing my FTP Server xgermx (Mar 21)
- Ideas for Securing my FTP Server Shaun Curry (Mar 22)
- Ideas for Securing my FTP Server Robin Wood (Mar 22)
- Ideas for Securing my FTP Server Mike Patterson (Mar 22)
- Ideas for Securing my FTP Server infolookup at gmail.com (Mar 22)
- Ideas for Securing my FTP Server infolookup at gmail.com (Mar 22)
- Ideas for Securing my FTP Server Shaun Curry (Mar 21)
- Ideas for Securing my FTP Server Tim Krabec (Mar 22)
- Ideas for Securing my FTP Server Shaun Curry (Mar 23)
- Ideas for Securing my FTP Server Adsquaired (Mar 24)