Security Basics mailing list archives

Re: Monitored.By.hAcxFtpScan

From: Thomas Sjögren <thomas () northernsecurity net>
Date: Fri, 6 Dec 2002 11:31:52 +0100

On Wednesday 04 December 2002 15.30, Gene Barlow wrote:

 Later, I
discovered that "they" turned my FTP server into a 0day FTP site - so
watch out, you may shortly be distributing illegal software and not
know it.  
It was a great experience to observe this, just be careful
that you don't unintentionally do anything illegal.


One approach is to only allow access to the server without the option of 
uploading/downloading anything while logging connections.

Another approach is to substitute the uploaded files with junk.
For example: movie.iso  has been uploaded on your server, you create a 
file named movie.iso2 with the same size and info as the original file 
but completly useless, remove movie.iso, rename movie.iso2 to original 
file name. 

/Thomas
-- 
thomas () northernsecurity net
thomas () se linux org

Current thread:

Monitored.By.hAcxFtpScan James McGee (Dec 03)
- Re: Monitored.By.hAcxFtpScan Gene Barlow (Dec 05)
  - Re: Monitored.By.hAcxFtpScan Thomas Sjögren (Dec 06)
- Re: Monitored.By.hAcxFtpScan news (Dec 05)
- <Possible follow-ups>
- RE: Monitored.By.hAcxFtpScan Krueger Lawrence (Dec 04)
- Monitored.By.hAcxFtpScan charles lindsay (Dec 04)
- Re: Monitored.By.hAcxFtpScan Joris De Donder (Dec 04)
  - Re: Monitored.By.hAcxFtpScan Thomas Sjögren (Dec 05)
- re: Monitored.By.hAcxFtpScan H C (Dec 04)
- Re: Monitored.By.hAcxFtpScan khayes (Dec 06)