Re: ftp set up
--- Bill Moran <[EMAIL PROTECTED]> wrote:

> Please wrap your lines around 72 characters.
>
> In response to Vizion <[EMAIL PROTECTED]>:
> >
> > I wonder if someone could point me to a reliable detailed resource for
> > configuring an ftp server on freebsd 6.1 for both incoming and outgoing
> > files (including anonymous ftp).
> >
> > I do not want anonymous uploaders to view existing file names in
> > ftp/incoming or be able to download from incoming. I want the server as
> > secure as is reasonably practicable. The notes in the freebsd handbook are
> > not really comprehensive enough for me.
>
> Please don't do this. Please don't even try.
>
> Never try to use the word "secure" in the same sentence as "ftp". They don't
> fit in the same sentence.
>
> Set up ssh, then have Windows users use WinSCP.
>
> Let me tell a little story. A few years back I was asked to set up "secure
> ftp" for a client. I argued, but he insisted, and "the customer is always
> right", so I set it up for him.
>
> The plan, to keep it secure, was to enable the FTP server when it was needed,
> and disable it when the transfer was complete.
>
> Well, one day he forgot to turn it off. A few weeks later he went to enable
> it for another transfer and noticed a bunch of files on the server he didn't
> recognize.
>
> Someone had guessed the password and was using his FTP server to transfer files
> of a most unsavory nature.
>
> After we destroyed the files, changed the passwords, etc -- he decided to keep
> using the FTP (in spite of the incident). The only problem, he argued, was
> that we'd forgot to turn it off.
>
> But the crook now had our address. The next time he enabled that server, it
> wasn't more than a few hours before the crook was using it to move around
> his files again. The guy must have set up some monitoring to alert him when
> the FTP site came up, then he either had a sniffer to get the password or
> he was able to brute-force it really fast.
>
> I tell that story when people tell me that the data they're transferring isn't
> sensitive, and therefore using FTP isn't a security risk. It still is. The
> only time it's OK to use FTP is when it's download only and the files are
> publicly available. Any other time, FTP is a liability.
>
> --
> Bill Moran
> http://www.potentialtech.com

Just an informational bit for the Windows users that will transfer files:

WinSCP http://winscp.net/eng/index.php
Filezilla http://filezilla.sourceforge.net/
Portable FileZilla http://portableapps.com/

PS: The portable version of FileZilla doesn't require an install on Windows.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ftp set up
In response to Vizion <[EMAIL PROTECTED]>:

> > -Original Message-
> > From: Bill Moran [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, March 06, 2007 5:24 AM
> > To: Vizion
> > Cc: freebsd-questions@freebsd.org
> > Subject: Re: ftp set up
> >
> > Please wrap your lines around 72 characters.
> >
> > In response to Vizion <[EMAIL PROTECTED]>:
> > >
> > > I wonder if someone could point me to a reliable detailed resource for
> > > configuring an ftp server on freebsd 6.1 for both incoming and outgoing
> > > files (including anonymous ftp).
> > >
> > > I do not want anonymous uploaders to view existing file names in
> > > ftp/incoming or be able to download from incoming. I want the server as
> > > secure as is reasonably practicable. The notes in the freebsd handbook are
> > > not really comprehensive enough for me.
> >
> > Please don't do this. Please don't even try.
> >
> > --
> Got yr point -- my guess is you did not use a process to shift files out
> of the upload directory as soon as they arrived. That way they can be
> monitored and never downloaded.

> You're still sending out _very_ long lines.

BTW my standard line length is 80 chars.. I have reduced them for you. Don't you have a wrap option on your mail reader to set the lines to your desired width?

... and no, I didn't use a process to prevent files from being subsequently downloaded, it would have defeated the purpose of "file transfer".

Here we differ .. if you did not do that you asked for trouble!!
David

> I think it is up to each administrator to solve the problems. If you
> happen to have an answer to my original question -- a reliable source of
> info about ftp configuration it would be useful. It is a long time since I
> ran an ftp server and I am rusty.

Sorry, I don't. I haven't set up an FTP server in a long time. scp has replaced ftp -- which was my point. I've done my due-diligence in warning of the dangers ...

Uploading to an ftp server has to be treated as a process by which the sender offers files to the administrator who may or may not choose to transfer them to the download directory. IF you let an end user determine what may be made available and subsequently have trouble well do not blame ftp blame the administrator!! IMHO To do otherwise is not exercising due diligence!! On web sites I follow the same principle -- users cannot add links -- only offer them.. same principle!

david

--
Bill Moran
http://www.potentialtech.com

Re: ftp set up
In response to Vizion <[EMAIL PROTECTED]>:

> > -Original Message-
> > From: Bill Moran [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, March 06, 2007 5:24 AM
> > To: Vizion
> > Cc: freebsd-questions@freebsd.org
> > Subject: Re: ftp set up
> >
> > Please wrap your lines around 72 characters.
> >
> > In response to Vizion <[EMAIL PROTECTED]>:
> > >
> > > I wonder if someone could point me to a reliable detailed resource for
> > > configuring an ftp server on freebsd 6.1 for both incoming and outgoing
> > > files (including anonymous ftp).
> > >
> > > I do not want anonymous uploaders to view existing file names in
> > > ftp/incoming or be able to download from incoming. I want the server as
> > > secure as is reasonably practicable. The notes in the freebsd handbook are
> > > not really comprehensive enough for me.
> >
> > Please don't do this. Please don't even try.
> >
> > --
> Got yr point -- my guess is you did not use a process to shift files out
> of the upload directory as soon as they arrived. That way they can be
> monitored and never downloaded.

You're still sending out _very_ long lines.

... and no, I didn't use a process to prevent files from being subsequently downloaded, it would have defeated the purpose of "file transfer".

> I think it is up to each administrator to solve the problems. If you
> happen to have an answer to my original question -- a reliable source of
> info about ftp configuration it would be useful. It is a long time since I
> ran an ftp server and I am rusty.

Sorry, I don't. I haven't set up an FTP server in a long time. scp has replaced ftp -- which was my point. I've done my due-diligence in warning of the dangers ...

--
Bill Moran
http://www.potentialtech.com

Re: ftp set up
> -Original Message-
> From: Bill Moran [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 06, 2007 5:24 AM
> To: Vizion
> Cc: freebsd-questions@freebsd.org
> Subject: Re: ftp set up
>
> Please wrap your lines around 72 characters.
>
> In response to Vizion <[EMAIL PROTECTED]>:
> >
> > I wonder if someone could point me to a reliable detailed resource for
> > configuring an ftp server on freebsd 6.1 for both incoming and outgoing
> > files (including anonymous ftp).
> >
> > I do not want anonymous uploaders to view existing file names in
> > ftp/incoming or be able to download from incoming. I want the server as
> > secure as is reasonably practicable. The notes in the freebsd handbook are
> > not really comprehensive enough for me.
>
> Please don't do this. Please don't even try.
>
> --

Got yr point -- my guess is you did not use a process to shift files out of the upload directory as soon as they arrived. That way they can be monitored and never downloaded.

I think it is up to each administrator to solve the problems. If you happen to have an answer to my original question -- a reliable source of info about ftp configuration it would be useful. It is a long time since I ran an ftp server and I am rusty.

I ran a large number of ftp servers for a long time and suffered many hacking attempts but none succeeded on my watch. I agree it is not easy - but necessary

david

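The drop-box handling david describes in this thread (uploads are moved out of the upload directory as soon as they arrive and are only offered to the administrator), sketched as an added example that is not part of the thread or any poster's own script. The directory paths, the 0733/0700/0600 modes and the two-minute settle time are assumptions; the FTP daemon's own upload and umask settings are outside its scope.

```sh
#!/bin/sh
# Added example. Assumed layout (not from the thread):
#   incoming   = anonymous upload drop box inside the FTP tree
#   quarantine = review area outside the FTP tree, admin-only

# One-time setup. 0733 lets other users create files and traverse the
# drop box but not list it; 0700 keeps the review area private.
setup_dropbox() {
    mkdir -p "$1" "$2" || return 1
    chmod 0733 "$1" && chmod 0700 "$2"
}

# Move settled uploads out of the drop box; prints how many were moved.
# $3 = minutes a file must be unmodified first (assumed default: 2), so
# transfers still in progress are left for the next run.
sweep_incoming() {
    incoming=$1 quarantine=$2 min_age=${3:-2}
    stamp=$(date +%Y%m%dT%H%M%S).$$
    n=0
    for f in "$incoming"/* "$incoming"/.[!.]*; do
        # find without -L never follows symlinks, so -type f rejects
        # links, directories and unmatched glob patterns alike.
        [ -n "$(find "$f" -maxdepth 0 -type f -mmin +"$min_age" \
                2>/dev/null)" ] || continue
        # Unique prefix: an uploader cannot overwrite an earlier offer.
        dest="$quarantine/$stamp.$((n + 1)).${f##*/}"
        mv -- "$f" "$dest" || return 1
        chmod 0600 "$dest" || return 1   # no execute, admin read only
        n=$((n + 1))
    done
    echo "$n"
}

# Run from cron as the directory owner, e.g. (assumed paths):
#   sweep.sh /var/ftp/incoming /var/ftpreview
if [ "$#" -ge 2 ]; then
    sweep_incoming "$1" "$2" "${3:-2}"
fi
```

Nothing reaches the download directory unless the administrator copies it there from the review area by hand.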
Re: ftp set up
Please wrap your lines around 72 characters.

In response to Vizion <[EMAIL PROTECTED]>:
>
> I wonder if someone could point me to a reliable detailed resource for
> configuring an ftp server on freebsd 6.1 for both incoming and outgoing
> files (including anonymous ftp).
>
> I do not want anonymous uploaders to view existing file names in
> ftp/incoming or be able to download from incoming. I want the server as
> secure as is reasonably practicable. The notes in the freebsd handbook are
> not really comprehensive enough for me.

Please don't do this. Please don't even try.

Never try to use the word "secure" in the same sentence as "ftp". They don't fit in the same sentence.

Set up ssh, then have Windows users use WinSCP.

Let me tell a little story. A few years back I was asked to set up "secure ftp" for a client. I argued, but he insisted, and "the customer is always right", so I set it up for him.

The plan, to keep it secure, was to enable the FTP server when it was needed, and disable it when the transfer was complete.

Well, one day he forgot to turn it off. A few weeks later he went to enable it for another transfer and noticed a bunch of files on the server he didn't recognize.

Someone had guessed the password and was using his FTP server to transfer files of a most unsavory nature.

After we destroyed the files, changed the passwords, etc -- he decided to keep using the FTP (in spite of the incident). The only problem, he argued, was that we'd forgot to turn it off.

But the crook now had our address. The next time he enabled that server, it wasn't more than a few hours before the crook was using it to move around his files again. The guy must have set up some monitoring to alert him when the FTP site came up, then he either had a sniffer to get the password or he was able to brute-force it really fast.

I tell that story when people tell me that the data they're transferring isn't sensitive, and therefore using FTP isn't a security risk. It still is. The only time it's OK to use FTP is when it's download only and the files are publicly available. Any other time, FTP is a liability.

--
Bill Moran
http://www.potentialtech.com

Re: ftp set up
On Tue, 6 Mar 2007 4:48:25 -0800 Vizion <[EMAIL PROTECTED]> wrote:

> I wonder if someone could point me to a reliable detailed resource
> for configuring an ftp server on freebsd 6.1 for both incoming and
> outgoing files (including anonymous ftp).
>
> I do not want anonymous uploaders to view existing file names in
> ftp/incoming or be able to download from incoming. I want the server
> as secure as is reasonably practicable. The notes in the freebsd
> handbook are not really comprehensive enough for me.

You might want to read up on some of the FTP servers that are available in the ports system. Find one that meets your needs and then if you are still having problems or questions, either check on the FTP server's mailing list, if one is available, or post your question here.

--
Gerard

Friends, n: People who borrow your books and set wet glasses on them. People who know you well, but like you anyway.

ftp set up
Hi

I wonder if someone could point me to a reliable detailed resource for configuring an ftp server on freebsd 6.1 for both incoming and outgoing files (including anonymous ftp).

I do not want anonymous uploaders to view existing file names in ftp/incoming or be able to download from incoming. I want the server as secure as is reasonably practicable. The notes in the freebsd handbook are not really comprehensive enough for me.

Thanks in advance

david