[unisog] Re: SUMMARY: Well-Managed Anon FTP site, what it is

Jose Nazario jose at biocserver.BIOC.cwru.edu
Tue Nov 6 17:02:08 GMT 2001


On Tue, 6 Nov 2001, Jeff Bollinger wrote:

> Yes this has been a great discussion, and I'm glad people realize the
> dangers of Anon-FTP.  Does anyone have this up on the web?

aside from vendor docs (which are highly reccomended to be read), CERT put
together in their old tech tips some reccomendations:

http://www.cert.org/tech_tips/anonymous_ftp_abuses.txt
http://www.cert.org/tech_tips/anonymous_ftp_config.txt
http://www.cert.org/tech_tips/usc20_full.html#10.0
http://www.cert.org/tech_tips/ftp_port_attacks.html
	(ie PORT abuses, bounce attacks)

i hope this helps. note that wu-ftpd has fallen into heavy disfavor for
good reason. the code has glaring security holes still. however, the
configuration methods have been adopted by a number of decendants of
wu-ftpd.

____________________________
jose nazario						     jose at cwru.edu
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)



More information about the unisog mailing list