Re: NT4, IIS4 FTP service. Yawn.

From: Thor@HammerofGod.com
Date: 10/31/01 

From: Thor@HammerofGod.com
To: VULN-DEV@SECURITYFOCUS.COM, Ian.Kayne@softlab.co.uk
Message-ID: <01cb01c16227$6ec511a0$af05a8c0@anchorsign.com>
Subject: Re: NT4, IIS4 FTP service. Yawn.
Date: Wed, 31 Oct 2001 08:16:38 -0800

This is because only the FTP service is installed: See Q269241

<snip>
SYMPTOMS
========
When you log into FTP anonymously, the following error message may occur:
c:\ftp ftp.someserver.com
Connected to ftp.someserver.com.
220 someserver Microsoft FTP Service (Version 4.0).
User (ftp.someserver.com:(none)): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
530 User someuser@microsoft.com cannot log in.
Login failed.
ftp>

CAUSE
=====
If the World Wide Web Server component is removed during the installation of
the
Windows NT Option Pack, anonymous FTP login fails because automatic password
synchronization relies on a DLL that is uninstalled with the World Wide Web
Server component.

RESOLUTION
==========
Reinstall the World Wide Web Server component from the Windows NT Option
Pack setup.
If the service is not needed, disable the services in Control Panel
Services.

MORE INFORMATION
================
Password synchronization is a sub-authentication process used by Internet
Information Server. This functionality is provided by the Iissuba.dll file.
This DLL is uninstalled when the World Wide Web Server component is removed,
which in turn causes anonymous FTP login to fail if the Enable Automatic
Password
Synchronization option is checked in the Security settings for the FTP
service.

For additional information on Password Synchronization and the
sub-authentication process, click the article numbers below to view the
articles in the
Microsoft Knowledge Base:

Q216828 Password Synchronization/Allow IIS to Control Password
Q218756 Logon Privileges Required for Anonymous Access

</snip>

hth
AD

----- Original Message -----
From: "Kayne Ian (Softlab)" <Ian.Kayne@softlab.co.uk>
To: "Vuln-Dev" <VULN-DEV@SECURITYFOCUS.COM>
Sent: Wednesday, October 31, 2001 1:56 AM
Subject: NT4, IIS4 FTP service. Yawn.

> Hey all,
> Noticed something a little odd. It may have potential, already been
> noticed, or it may be a dead end...
>
> NT4 SP6a, IIS 4 with hotfixes. Only the FTP service installed. I created a
> new FTP site, and set the Enable Anynomous Access and Allow Only Anonymous
> options. The anon account was set to the standard IUSER account.
>
> FTP'd to the machine, and tried to log in as anonymous, password
"password".
> This is what happened:
>
> ------------------------------------
> c:\>ftp x.x.x.x
> Connected to x.x.x.x.
> 220 xxxxxxx Microsoft FTP Service (Version 4.0).
> User (x.x.x.x:(none)): anonymous
> 331 Anonymous access allowed, send identity (e-mail name) as password.
> Password:
> 530 User (password) cannot log in.
> Login failed.
> ------------------------------------
>
> Notice that? Whatever password I typed in for the anonymous account was
> echo'd back to the screen in plain text on the 530 error message.
>
> Of course, your next question will be, why is the anonymous account
> rejecting a login password? Good point, it seemed that the IIS password
> synchronization feature had broken itself.
>
> As I said, it may be nothing, but it seems strange to me that the password
> should be echo'd to screen in plaintext.
>
> Ian Kayne
> Technical Specialist - IT Solutions
> Softlab Ltd - A BMW Company
>
>
>
> ********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom
> they are addressed.
>
> If you are not the intended recipient or the person responsible for
> delivering to the intended recipient, be advised that you have received
> this email in error and that any use of the information contained within
> this email or attachments is strictly prohibited.
>
> Internet communications are not secure and Softlab does not accept
> any legal responsibility for the content of this message. Any opinions
> expressed in the email are those of the individual and not necessarily
> those of the Company.
>
> If you have received this email in error, or if you are concerned with
> the content of this email please notify the IT helpdesk by telephone
> on +44 (0)121 788 5480.
>
> ********************************************************************

Relevant Pages

  • Re: Unknown Network Attack
    ... I enabled the Windows Firewall and poked holes for HTTP, FTP, ... >> on the FTP service just fine using Internet Explorer's FTP service, ... >> how I can restore things. ...
    (microsoft.public.windows.server.networking)
  • Re: Unknown Network Attack
    ... I enabled the Windows Firewall and poked holes for HTTP, FTP, ... >> on the FTP service just fine using Internet Explorer's FTP service, ... >> how I can restore things. ...
    (microsoft.public.windows.server.networking)
  • Re: Yet another thread on the legality of port scanning
    ... Semantics - I was trying to stay within the scope of the previous ... which were straying wildly away from port scanning. ... and any FTP service running on that box ...
    (Security-Basics)
  • Re: ftp interruption during screensaver
    ... >Now under XP, evry time the screensaver goes on or when someone signs off, we ... >cannot ftp to thie machine. ... If FTP service is unavailable when the screensaver goes on, ... Fax/Voice +1258-9858 | read details of WFTPD Pro for NT. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Publisher and 1&1
    ... Problem 1: Received the following error message: "This error message is ... change the FTP proxy settings to allow access ... To use Publisher read the following article: ... 1&1 is not really clear about how and where to upload your files. ...
    (microsoft.public.publisher.webdesign)