Subject: Re: ftpd: the advisory version
From: D. J. Bernstein (djb CR.YP.TO)
Date: Sat Jul 01 2000 - 09:23:27 CDT

Clients should not---and, as far as I know, do not---check the source
TCP port for active connections from the server. See
http://cr.yp.to/ftp/security.html
for further comments on FTP protocol security issues.

Please note that publicfile isn't just for sites where ``all you need is
anonymous FTP.'' You can run publicfile as your anonymous FTP server,
and run a non-anonymous FTP server on another port or IP address. (Many
of wuftpd's security holes have required the attacker to log in first.)
Similarly, you can use publicfile for static HTTP files, and another
server for dynamic HTTP files.

---Dan