Bugtraq mailing list archives
Re: trojans on ftp sites
From: PAUL () tdr com (Paul Robinson)
Date: Sat, 14 May 1994 22:53:01 -0400 (EDT)
From: Paul Robinson <PAUL () TDR COM> Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- Brent Chapman <brent () greatcircle com>, writes:
The problem is, how would the Archie servers determine the checksums? The Archie servers don't download all the files; they merely connect to each FTP server and get a recursive directory listing, which they then massage into their database. To get the checksums, they'd either have to download every file (very impractical, given the amount of stuff out there), or get the checksum info from the FTP server they're talking to. There's currently no standard way (hell, there's not even any reasonably COMMON way) to get checksum info from FTP servers.
Which brings up another question: WHICH checksum do they use?
Most useful, say, for MSDOS clients would be the CRC-32 checksum which is
used by Zmodem and PKZIP, and a file stored in a Zip archive, if checked
on a file, would match.
On a Unix site, the two-word result from 'sum' would be appropriate and
most useful.
For other places, MD5 would be better and provides a stronger check than
CRC-32.
So which do you use, and how do you know which of these you are getting?
And how do we get a CRC request added to the list of FTP commands, or
the data supplied from them?
---
Paul Robinson - Paul () TDR COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy () psg com>
-----
The following Automatic Fortune Cookie was selected only for this message:
Lassie looked brilliant, in part because the farm family she
lived with was made up of idiots. Remember? One of them was always
getting pinned under the tractor, and Lassie was always rushing back to
the farmhouse to alert the other ones. She'd whimper and tug at their
sleeves, and they'd always waste precious minutes saying things: "Do
you think something's wrong? Do you think she wants us to follow her?
What is it, girl?", etc., as if this had never happened before, instead
of every week. What with all the time these people spent pinned under
the tractor, I don't see how they managed to grow any crops
whatsoever. They probably got by on federal crop supports, which
Lassie filed the applications for.
-- Dave Barry
Current thread:
- Re: trojans on ftp sites der Mouse (May 14)
- Re: trojans on ftp sites Peter Deutsch (May 14)
- <Possible follow-ups>
- Re: trojans on ftp sites Paul Robinson (May 14)
- Re: your mail Christopher Klaus (May 14)
- Re: trojans on ftp sites smb () research att com (May 14)
- Re: your mail John Macdonald (May 16)
- Re: your mail Steven C. Blair (May 16)
- Re: your mail John Macdonald (May 16)
- Re: your mail Christopher Klaus (May 16)
- Re: your mail Adam Shostack (May 16)
- Re: your mail John Macdonald (May 16)
- Checksums in FTP servers. Scott Northrop (May 16)