Re: **Secure** Ftp server

From: Undisclosed (nomail_at_dontbeaweaselspammer.com)
Date: 07/28/04

• Next message: Ralph A. Jones: "Re: **Secure** Ftp server"
• Previous message: An Metet: "Re: Do not use SAFEBOOT - Another weekly repeat bitch post from same clueless user"
• In reply to: michele: "**Secure** Ftp server"
• Next in thread: Ralph A. Jones: "Re: **Secure** Ftp server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 28 Jul 2004 00:02:04 -0400

michele wrote:

> Hi, i'm searching for a secure (i.e. without exploits or security holes) for
> use in my windows server. I've take a look to serv-u or cerberus ftp, but
> they are full of exploits!
> Can anyone suggest me a secure (or the more secure) ftp server to use?
> Thanks
> Michele
>
>

I'm not going to touch the Windows vs. Unix vs. blah debates with a 10
foot pole, or touch on how to secure your box.

I'm just going to talk about FTP software.

PureFTPD (for general-purpose FTP) and vsftpd (for anonymous FTP) are
probably the only two truly "secure" FTP daemons out there..

one was written from scratch with security in mind, the other was based
on a solid codebase and further ripped apart and had significant parts
rewritten for security by a security-minded developer.

unfortunately, both are written to conform to POSIX standards.. which
means it's difficult to run these on Windows, since Windows POSIX
support is mainly an afterthought.

I don't know of any equivalent programs for Windows.

people are mentioning FileZilla Server.... I have no idea how secure
that is.

it's not widely used, and I have no idea how well it's been audited.

it doesn't have a lot of advisories out on it, but that really means
nothing. It might just not be popular enough for someone to bother with
yet... then, as it gets bigger, someone will find a ton of vulns in it.

---

• Next message: Ralph A. Jones: "Re: **Secure** Ftp server"
• Previous message: An Metet: "Re: Do not use SAFEBOOT - Another weekly repeat bitch post from same clueless user"
• In reply to: michele: "**Secure** Ftp server"
• Next in thread: Ralph A. Jones: "Re: **Secure** Ftp server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: [OT] M$ collaborates with Suse ... Most hosting facilities do allow FrontPage and/or FTP access...FrontPage ... Remote Administration to an actual server can be done with a Terminal ... Secure Administration on the inside can be done with Scripting. ... decent free SSH Servers out there for Windows and I like freeSSHd. ... (Debian-User) Re: Problem about Window Xp SP2 firewall and the buildin FTP command ... Problem about Window Xp SP2 firewall and the buildin FTP ... I find a problem that if running multiple FTP command at the same ... Windows XP SP2 to limit Max Connections/sec ... (microsoft.public.windowsxp.general) Problem about Window XP SP2 firewall and the buildin FTP command ... Problem about Window Xp SP2 firewall and the buildin FTP ... I find a problem that if running multiple FTP command at the same ... Windows XP SP2 to limit Max Connections/sec ... (microsoft.public.windowsxp.perform_maintain) Re: Problem about Window Xp SP2 firewall and the buildin FTP command ... I copy your example ftp command file to a.txt saved in C:\dell folder. ... I cannot turn off Windows Firewall, since it is controlled by Domain ... (microsoft.public.windowsxp.general) Re: Poor performance using QNTC any suggestions ... server running Windows file sharing. ... I'm using the qshell cp command to copy the spool file. ... If I go to a pc, map a drive to the Windows server and FTP the file ... (comp.sys.ibm.as400.misc)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2004-07