Re: port scans



Moe Trin wrote:
On Wed, 24 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
article<hm32c1$d0n$5@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Rick wrote:

Moe Trin wrote:

Rick wrote:

One more thing however, it only took 15 minutes from the first use of
the ftp server before these, let's call 'em probes, started. Once upon
a time (before sonicwall) they would try a username-password script.

As for the username-password stuff - be glad you aren't running a
publicly visible SSH server on port 22. They get pounded trying all
kinds of common usernames/passwords.

So moving to sftp would not help - is that what you're saying?

Depends on what you are doing with FTP. There are tens of thousands
of FTP sites on the Internet that allow anonymous downloads. I don't
do windoze, but for Linux, you should be aware of places like ibiblio.org
(the former sunsite.unc.edu, which was renamed metalab.unc.edu before
its current rename), 'distro.ibiblio.org' and the site specific to your
Linux distribution. These sites are giving software/files away, and all
you need is the username ('ftp' or 'anonymous') and your email address
as password. Nothing to hide or secure, so FTP is fine.

Other sites restrict access to specific users, and may even allow
uploads. For this, FTP is less suitable, primarily because the
username and password go over the net as clear text - visible to
anyone using a packet sniffer. 'sftp' or a similar protocol using
encrypted networking is a more robust solution.

Still other sites have even tighter restrictions. For that, one-time
authentication methods (often involving security tokens like SecurID
(Security Dynamics Co - now rsa.com) or CryptoCard (cryptocard.com)
or similar) are more desirable.

It's a bit dated, but see "Practical UNIX and Internet Security, Third
Edition" by Garfinkel, Spafford, and Schwartz (O'Reilly and Associates,
ISBN 0-596-00323-4, 984 pgs, Feb. 2003, US$55).

Old guy

Thanks for the info and the reference.

It's clear from logs that they do not know my ftp server is <username> "anonymous" but requires any email address in the <password> field! So they keep trying to find the above. So I conclude that they do not really know much about it. And it has no classified info, ever, so my concern is strictly theoretical.
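
An added example, not part of the original thread: one way to pull username-guessing sources out of the log of an anonymous-only FTP server like the one described above. The log line format, the addresses and the function name `find_guessers` are constructed for illustration and do not come from any particular FTP server.

```python
import re
from collections import defaultdict

# Constructed sample log. The line format (date, time, source IP, command,
# argument, reply code) is an assumption, not a real server's log format.
SAMPLE_LOG = """\
2010-02-24 10:00:01 198.51.100.20 USER anonymous 331
2010-02-24 10:00:02 198.51.100.20 PASS guest@example.org 230
2010-02-24 10:15:07 203.0.113.7 USER admin 331
2010-02-24 10:15:08 203.0.113.7 PASS **** 530
2010-02-24 10:15:09 203.0.113.7 USER root 331
2010-02-24 10:15:10 203.0.113.7 PASS **** 530
2010-02-24 10:15:11 203.0.113.7 USER Administrator 331
2010-02-24 10:15:12 203.0.113.7 PASS **** 530
2010-02-24 10:20:30 192.0.2.44 USER ftp 331
2010-02-24 10:20:31 192.0.2.44 PASS someone@example.net 230
2010-02-24 10:31:00 192.0.2.99 USER test 331
2010-02-24 10:31:01 192.0.2.99 PASS **** 530
"""

LINE_RE = re.compile(r"^\S+ \S+ (\S+) (USER|PASS) (\S+) (\d{3})$")
ANON_NAMES = {"anonymous", "ftp"}  # the only logins this server accepts


def find_guessers(log_text, threshold=3):
    """Return {ip: {"usernames": [...], "failed": n}} for sources with at
    least `threshold` failed logins under non-anonymous usernames."""
    names = defaultdict(set)
    failed = defaultdict(int)
    last_user = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ip, cmd, arg, code = m.groups()
        if cmd == "USER":
            last_user[ip] = arg
            if arg.lower() not in ANON_NAMES:
                names[ip].add(arg)
        elif code == "530" and last_user.get(ip, "").lower() not in ANON_NAMES:
            failed[ip] += 1  # FTP 530: login rejected for a guessed account
    return {ip: {"usernames": sorted(names[ip]), "failed": n}
            for ip, n in failed.items() if n >= threshold}
```

Because the server accepts only `anonymous` or `ftp`, every other username in the log is a guess by definition, so the result can feed a firewall block list directly.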

