That's not the only one. The company requires anonymous upload capability
due to vendor requirements :(
Anonymous uploads are set up so that they can be written to a specific
directory but not viewed. Also any files placed there are moved within 10
minutes to a holding disk after which the FTP Admin (me) gets notified of
incoming traffic. Additionally the system is monitored by an IDS. That way I
can keep the company happy and can also nail the SOBs that look for unwary
sites in which to store their warez.
Ken McKinlay
613-599-9199 x506
[EMAIL PROTECTED]
> -----Original Message-----
> From: Jose Nazario [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 05, 2001 15:11
> To: Ken McKinlay
> Cc: [EMAIL PROTECTED]
> Subject: re: Hacked@!!@!!
>
>
> On Thu, 5 Jul 2001, Ken McKinlay wrote:
>
> > It looks like you were initially probed by Grim's Ping. The tool can
> > be found at http://grimsping.cjb.net/. I ran into it about 7 months
> > ago and set up a blocker on our FTP site to prevent logins using
> > [EMAIL PROTECTED] The tool basically searches for writable and readable
> > areas on FTP sites.
>
> is that the only block you did? remind me to change the login to something
> different to get past your check. :P
>
> like any exploit or vulnerability, it's easy to identify one simple thing
> and block on it, ie a login name ([EMAIL PROTECTED]). that's not security,
> though. the right fix is to kill anonymous uploads (and retrievals, if you
> need a drop point make it write only, no reads), mkdir for anonymous
> folks, etc ...
>
> that's the problem. we see this on lots of FTP servers, various forms of it
> (ie TEST345 dir creation and tagging etc ...). it's just warez pups.
>
> ____________________________
> jose nazario
> [EMAIL PROTECTED]
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD
> 48 A0 07 80
> PGP key ID 0xFD37F4E5
> (pgp.mit.edu)
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
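
The sweep described in the reply at the top of this thread (a write-only drop directory, uploads moved to a holding disk, the admin notified), sketched as an added example that is not part of the original thread or the poster's actual setup. The paths, the 60-second settle time, the cron scheduling and all function names are assumptions.

```python
import hashlib
import os
import shutil
import time


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large uploads are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_incoming(incoming, holding, min_age_s=60, now=None):
    """Move settled uploads out of the drop directory; return what was moved."""
    now = time.time() if now is None else now
    moved = []
    with os.scandir(incoming) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        # Regular files only: never follow symlinks, leave directories
        # (e.g. probe/tag dirs) in place for the admin to review.
        if not entry.is_file(follow_symlinks=False):
            continue
        # A recent mtime means the upload may still be in progress.
        if now - entry.stat(follow_symlinks=False).st_mtime < min_age_s:
            continue
        digest = sha256_of(entry.path)
        # Timestamp + hash prefix keeps a later upload with the same name
        # from overwriting evidence already in holding.
        dest = os.path.join(holding, f"{int(now)}_{digest[:12]}_{entry.name}")
        shutil.move(entry.path, dest)  # copies, then deletes, across disks
        os.chmod(dest, 0o600)          # readable by the admin account only
        moved.append({"name": entry.name, "stored": dest, "sha256": digest})
    return moved


def format_notice(moved):
    """Build the notification body; repr() neutralises odd filenames."""
    lines = [f"{len(moved)} anonymous upload(s) moved to holding:"]
    lines += [f"  {m['name']!r} sha256={m['sha256']}" for m in moved]
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed paths; schedule from cron at an interval under 10 minutes.
    print(format_notice(sweep_incoming("/srv/ftp/incoming", "/srv/holding")))
```

The holding directory should sit outside the FTP root so that nothing moved there can be listed or retrieved by anonymous sessions.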