Bugtraq: Re: ftpd: the advisory version

Re: ftpd: the advisory version

From: D. J. Bernstein <djb_at_CR.YP.TO>
Date: Sat, 1 Jul 2000 14:23:27 -0000

Clients should not---and, as far as I know, do not---check the source
TCP port for active connections from the server. See

   http://cr.yp.to/ftp/security.html

for further comments on FTP protocol security issues.

Please note that publicfile isn't just for sites where ``all you need is
anonymous FTP.'' You can run publicfile as your anonymous FTP server,
and run a non-anonymous FTP server on another port or IP address. (Many
of wuftpd's security holes have required the attacker to log in first.)

Similarly, you can use publicfile for static HTTP files, and another
server for dynamic HTTP files.

---Dan
Received on Jul 02 2000
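
Added example, not part of the original message and not code from publicfile or any FTP client: a loopback stand-in for a client accepting an active-mode data connection. The function names and the address comparison against the control connection are assumptions for illustration; the optional source-port check is there only to show that requiring port 20 turns away a server that connects from an unprivileged port.

```python
import ipaddress
import socket

FTP_DATA_PORT = 20  # RFC 959 default data port on the server side


def peer_is_acceptable(peer, control_server_ip, require_port_20=False):
    """Policy for an inbound active-mode data connection (hypothetical helper)."""
    peer_ip, peer_port = peer[0], peer[1]
    # Assumption of this example: the data peer must be the host the
    # control connection is talking to.
    if ipaddress.ip_address(peer_ip) != ipaddress.ip_address(control_server_ip):
        return False
    # The check the message says clients should not apply.
    if require_port_20 and peer_port != FTP_DATA_PORT:
        return False
    return True


def accept_active_data(listener, control_server_ip, require_port_20=False):
    """Accept one data connection; return (socket or None, peer address)."""
    conn, peer = listener.accept()
    if not peer_is_acceptable(peer, control_server_ip, require_port_20):
        conn.close()
        return None, peer
    return conn, peer


def trial(require_port_20):
    """One constructed transfer over loopback; returns (accepted, source_port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))  # port the client would announce via PORT
        listener.listen(1)
        # Constructed "server": a process without privileges cannot bind
        # port 20, so its data connection arrives from an ephemeral port.
        with socket.create_connection(listener.getsockname()):
            conn, peer = accept_active_data(listener, "127.0.0.1", require_port_20)
            if conn is not None:
                conn.close()
            return conn is not None, peer[1]


if __name__ == "__main__":
    for strict in (False, True):
        accepted, port = trial(strict)
        print(f"require_port_20={strict}: source port {port}, accepted={accepted}")
```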
