|
Security Incidents
mailing list archives
Re: ano () ano com ftpd dip.t-dialin.net
From: "Rainer Duffner" <rainer () ultra-secure de>
Date: Thu, 07 Nov 2002 17:02:49 +0000
Ralf G. R. Bergs writes:
On Wed, 06 Nov 2002 16:50:13 -0500, Owen McCusker wrote:
[...]
Has anyone else seen this type of activity from dip.t-dialin.net
or dipsters for short. ;-)?
t-dialin.net is the domain under which surfers from Deutsche Telekom's
T-Online service operate (though not exclusively, IIRC).
t-dialin also includes ADSL-lines, so there are likely to be some
warez-d00dez behind them.
Sure, I see it all day.
What they're trying to achieve is determine whether you have an "open"
FTP
server which allows them to store "warez" and download them again.
A simple countermeasure against this is to give files that are uploaded
to your "incoming" directory permissions so that anonymous users can't
access them anymore. You can even prohibit them from reading the
directory's contents so that they don't even see which files are stored
inside the directory.
I haven't checked other platforms, but FreeBSD's ftpd allows for a
"incoming-only" mode, where people can't get anything from your server.
If you must have uploads, think about using that.
As a bonus, you might be able to collect the dropped warez at the end of the
business day without hassle ;-)
cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner Munich
rainer () ultra-secure de Germany
http://www.i-duffner.de Freising
========================================
When shall we three meet again
In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
|
Intro
