On Thu, 6 Jul 2000, Kenneth E. Lussier wrote:
> Despite the claims that ftp and telnet are only dangerous because of the
> clear-text passing of usernames and passwords, there are other dangers.  
> Some telnet and ftp daemons have remote exploits, root-shell buffer
> overflows, etc.

  :-P  Anything that runs as root can fall victim to such attacks.  Including
SSH.

  That being said, the default FTP daemon that ships with many free Unixes,
wu-ftpd, seems to have had more than its fair share of security holes.  (In
the words of Security Portal, "Providing remote root access since 1994".)  
ProFTPd seems to have a better record, and it is certainly a much more
powerful tool.  Easier to configure, too.  If you have to support cleartext
FTP, it would seem like a good choice.  Anyone else here have opinions on the
subject?  I've just started checking out ProFTPd recently, so I'm interested.

  (And yes, there are reasons to support regular FTP, but you should make sure
you restrict access properly and don't allow accounts which access FTP to
access anything else.)

-- 
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18   Fax: (978)499-7839

