FTP tagging

From: Garcia Turegano, Victor (vTuregano@optiglobe.com.mx)
Date: 05/08/02 

Date: Tue, 7 May 2002 17:38:34 -0500
From: "Garcia Turegano, Victor" <vTuregano@optiglobe.com.mx>
To: <focus-ms@securityfocus.com>

Recently I've encountered this problem. I thought that I have covered all the weak spots. Obviously not! Can someone give me pointers or tell me why is this happenning?

I have a Windows 2000 Pro Box with FTP Service installed and all patches listed by HFNetChk. I use ADSL to connect it to the Internet.

This FTP has Anonymous access enabled as well as authenticated. It has Read and Write permissions enabled in the IIS Console Propoerties page.

I decided to control Read & Write access via NTFS and these are the permissions I have in the FTPROOT folder.
Administrators = Full Control
System = Full Control
Users = Modify
IUSR_name = Read

The thing is that people logging anonymously are being able to create directories and files and to delete them.
Here's a part of the FTP log that shows it:

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-05-03 14:13:03
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2002-05-03 14:13:03 80.14.189.197 anonymous MSFTPSVC1 CLAIRE 200.67.149.201 21 [15]USER anonymous - 331 0 0 0 0 FTP - - - -
2002-05-03 14:13:03 80.14.189.197 Ugpuser@home.com MSFTPSVC1 CL 200.67.149.201 21 [15]PASS Ugpuser@home.com - 230 0 0 0 180 FTP - - - -
2002-05-03 14:13:05 80.14.189.197 Ugpuser@home.com MSFTPSVC1 CL 200.67.149.201 21 [15]MKD 020503161000p - 257 0 0 0 0 FTP - - - -
2002-05-03 14:13:05 80.14.189.197 Ugpuser@home.com MSFTPSVC1 CL 200.67.149.201 21 [15]RMD 020503161000p - 250 0 0 0 0 FTP - - - -
2002-05-03 14:13:07 80.14.189.197 Ugpuser@home.com MSFTPSVC1 CL 200.67.149.201 21 [15]closed - - 426 170 0 0 420 FTP - - - -

WHAT AM I MISSING?
Does someone has a nice FTP response translator?

V i c t o r S G a r c i a T u r e g a n o

Relevant Pages

  • Re: FTP proxy question
    ... j> Haven't seen any other FTP commands messed up. ... Read TELNET protocol specifications. ... FTP standard requires FTP control connection to support TELNET ...
    (comp.unix.programmer)
  • Re: File Selector
    ... You can check with your provider if they offer an FTP Server. ... > Posted To: microsoft.public.frontpage.addins> Conversation: File Selector ... I picture this> with check boxes, and control over sorting, and perhaps> options to display some of the files attributes also. ...
    (microsoft.public.frontpage.addins)
  • Re: Send Files To FTP - Cant use Internet Transfer Control ActiveX
    ... Is it possible to FTP from Excel using VBA? ... One alternative would be to use an ActiveX control to add FTP functionality. ... Everything I've read tells me I need MS Internet Transfer Control and it's really easy! ... I believe it's because I need a developer licence for Excel. ...
    (microsoft.public.excel.programming)
  • always exactly 100s to establish connection...why??
    ... this control is very similiar to FTP client program. ... it always takes exactly 100s to establish connection with the server. ... private void OpenConnection ...
    (microsoft.public.dotnet.languages.csharp)
  • Always takes 100s to establish connection...why??
    ... this control is very similiar to FTP client program. ... it always takes exactly 100s to establish connection with the server. ... private void OpenConnection ...
    (microsoft.public.dotnet.general)