Re: FTPd recommendation?
Quoting Iantcho Vassilev [EMAIL PROTECTED]: My vote goes to PureFtpd.. It`s ideal server.. But is not *nearly* as secure as vsftpd. On 5/4/06, N.J. Thomas [EMAIL PROTECTED] wrote: * Noah [EMAIL PROTECTED] [2006-05-04 05:48:40 -0800]: What are people using for their ftpd these days? I am looking for something easy to initiailize, configure, and is very secure. Another vote for vsftpd: http://vsftpd.beasts.org/ Trivial to setup/configure, very secure. In addition to all of the normal security features that vsftpd offers, we turn on the pasv_min_port/pasv_max_port options to restrict the download ports, it's a nice feature. (I attended an Apache/FTP security lecture in the Bay Area a couple of years ago (2002/2003) at one of the local user groups there -- the speaker was testing out his talk on us before he gave it at some Usenix/SAGE conference. The ftp portion was a howto on securing wu-ftpd, but before he started, he said point blank that if you didn't need anonymous uploads, to just use vsftpd.) Thomas -- N.J. Thomas [EMAIL PROTECTED] Etiamsi occiderit me, in ipso sperabo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED] - FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006 / pgpopmtaDJHFT.pgp Description: PGP Digital Signature
Re: FTPd recommendation?
Chris H. wrote: Quoting Iantcho Vassilev [EMAIL PROTECTED]: My vote goes to PureFtpd.. It`s ideal server.. But is not *nearly* as secure as vsftpd. Hi, I'm curious - do you have any empirical evidence to support this? A trawl of a few vulnerabilty databases would suggest your comment is not entirely accurate. NVD NIST [1] shows 4 entries for vsftpd (latest 2005-12) , 1 for pureftpd (latest 2004-08) SecurityFocus [2] shows 1 entry for vsftpd (latest 2004-05), 2 for pureftpd (latest 2004-07) ISS X-Force [3] shows entries 3 for vsftpd (latest 2004-05), for 1 pureftpd (latest 2004-07) Regards, Jase. [1] http://nvd.nist.gov/nvd.cfm [2] http://www.securityfocus.com/vulnerabilities [3] http://xforce.iss.net/xforce/search.php ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FTPd recommendation?
On Sun, 14 May 2006 11:29:21 +0100 Jase Thew [EMAIL PROTECTED] wrote: I'm curious - do you have any empirical evidence to support this? 'scuse me, boys, could you please take this off the freebsd-stable list? The discussion has wandered off-topic for this list... -- Regards, Torfinn Ingolfsen, Norway ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FTPd recommendation?
My vote goes to PureFtpd.. It`s ideal server.. On 5/4/06, N.J. Thomas [EMAIL PROTECTED] wrote: * Noah [EMAIL PROTECTED] [2006-05-04 05:48:40 -0800]: What are people using for their ftpd these days? I am looking for something easy to initiailize, configure, and is very secure. Another vote for vsftpd: http://vsftpd.beasts.org/ Trivial to setup/configure, very secure. In addition to all of the normal security features that vsftpd offers, we turn on the pasv_min_port/pasv_max_port options to restrict the download ports, it's a nice feature. (I attended an Apache/FTP security lecture in the Bay Area a couple of years ago (2002/2003) at one of the local user groups there -- the speaker was testing out his talk on us before he gave it at some Usenix/SAGE conference. The ftp portion was a howto on securing wu-ftpd, but before he started, he said point blank that if you didn't need anonymous uploads, to just use vsftpd.) Thomas -- N.J. Thomas [EMAIL PROTECTED] Etiamsi occiderit me, in ipso sperabo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
