IP addresses can be spoofed. But that's only useful for a single packet payload (e.g. opening connections for a DoS attack, or a single packet exploit).

It's not useful for a brute force attack, or uploading warez etc. Why? Because the FTP server needs to communicate with the actual end host. And if the end host has "spoofed" its IP address (assuming that all the routers in between co-operate with the spoofed "source" address), then the FTP server will send back a response to the spoofed address, not the actual address that the attacker has.

Whilst address spoofing is definitely an issue, I don't think it's a real issue here.

Cheers
Ken

-----Original Message-----
From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Saturday, 5 January 2008 12:08 AM
To: NT System Admin Issues
Subject: RE: which is more secure?

I do like Ken's idea about IP restrictions (but we know even IPs can be spoofed)

Z

-----Original Message-----
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 03, 2008 10:00 PM
To: NT System Admin Issues
Subject: RE: which is more secure?

More secure against what threat? Some external user guessing a username/password? Probably the second option. But given that Windows Server 2000 is now out of extended support, I don't really have that much confidence in either option.

But another option would be to put the FTP server into the DMZ, and create two FTP sites. One is read-only, and can be accessed by anyone. The second is read/write, but you use IP restrictions to ensure that only users on your internal network are able to connect to it.

Cheers
Ken

________________________________________
From: roger rabus [EMAIL PROTECTED]
Sent: Friday, 4 January 2008 11:58 AM
To: NT System Admin Issues
Subject: which is more secure?

Hi everyone,

Please help me determine which is more secure?

1. A Windows 2000 server set up for read/write FTP that is in the DMZ with only access thru a firewall both to the inside network and the internet. Some users will have read/write while most will have read only as defined by Windows file security access.

2. A Windows 2000 server set up for read-only FTP access thru the firewall. Internal users will place files on the server via file sharing via a separate network interface to the server. External users will only have read-only FTP access to files.

Roger Rabus
Logical Solutions

~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
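
The point made in the reply at the top of the thread, that the server's response goes to the spoofed address and not to the real sender, modelled as a toy TCP handshake. This is an added example, not part of the original messages; the addresses, ports and the `Server`, `deliver`, `connect` and `demo` names are constructed for illustration, and blind guessing of the 32-bit sequence number is left out of the model.

```python
import secrets

class Server:
    """Toy TCP listener: tracks half-open and established connections."""
    def __init__(self, addr):
        self.addr = addr
        self.half_open = {}       # (src, sport) -> server ISN awaiting the final ACK
        self.established = set()  # (src, sport) pairs that completed the handshake

    def receive(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if pkt["flags"] == "SYN":
            isn = secrets.randbits(32)  # unpredictable initial sequence number
            self.half_open[key] = isn
            # The reply is addressed to the *claimed* source, whoever really sent the SYN.
            return {"src": self.addr, "dst": pkt["src"], "flags": "SYN-ACK", "seq": isn}
        if pkt["flags"] == "ACK" and key in self.half_open:
            if pkt["ack"] == (self.half_open[key] + 1) % 2**32:
                del self.half_open[key]
                self.established.add(key)
        return None

def deliver(pkt, inboxes):
    """Route a packet by destination address only, as IP does."""
    if pkt is not None:
        inboxes.setdefault(pkt["dst"], []).append(pkt)

def connect(server, real_addr, claimed_addr, inboxes, sport=40000):
    """Try a handshake from real_addr while claiming claimed_addr as the source."""
    syn = {"src": claimed_addr, "sport": sport, "flags": "SYN"}
    deliver(server.receive(syn), inboxes)
    seen = [p for p in inboxes.get(real_addr, []) if p["flags"] == "SYN-ACK"]
    # Without the SYN-ACK the sender never learns the number it must acknowledge.
    ack = (seen[-1]["seq"] + 1) % 2**32 if seen else None
    server.receive({"src": claimed_addr, "sport": sport, "flags": "ACK", "ack": ack})
    return (claimed_addr, sport) in server.established

def demo():
    # Constructed sample hosts: documentation ranges plus one "internal" address.
    server, inboxes = Server("192.0.2.10"), {}
    honest = connect(server, "198.51.100.5", "198.51.100.5", inboxes)
    spoofed = connect(server, "203.0.113.9", "10.0.0.20", inboxes, sport=40001)
    # (honest connected?, spoofed connected?, half-open left, SYN-ACKs at spoofed host)
    return honest, spoofed, len(server.half_open), len(inboxes.get("10.0.0.20", []))

if __name__ == "__main__":
    print(demo())
```

The spoofed attempt never reaches the established state, so no FTP login exchange can follow it, but it does leave one half-open entry on the server, which is the single-packet DoS case the reply mentions.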
