[Dshield] (no subject)

Clint Byrum cbyrum at erp.com
Thu Nov 29 01:07:39 GMT 2001


On Tue, 2001-11-27 at 16:19, Sean Graham wrote:
> why do you wish to run an FTP with open access in the first place?
> 
> Usually I have seen that people just mark the Uploads directory Write-Only, 
> but with list, and that's the only place with write access.  You can upload 
> all you want, and see what you've uploaded, but only users with accounts 
> can download anything that has been uploaded (or they must wait until you 
> move it out of the upload directory).  Wouldn't this be a simpler way to 
> control it?
> 

A better question is, why are you letting users log in via ftp? The
password is sent cleartext. With the recent increases in breaches at
ISP's due to script kiddiez targetting routers, this should be of major
concern. Am I the only person who cares about sniffable connections?

<snip>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20011128/18dd398a/attachment.bin


More information about the list mailing list