[48041] in North American Network Operators' Group
Re: DoS on ftp port
daemon@ATHENA.MIT.EDU (David Charlap)
Tue May 21 12:54:56 2002
Message-ID: <3CEA7BBF.3115F609@marconi.com>
Date: Tue, 21 May 2002 12:54:23 -0400
From: David Charlap <David.Charlap@marconi.com>
MIME-Version: 1.0
To: NANOG <nanog@merit.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Rob Thomas wrote:
>
> There is a huge increase in FTP scanning as well as the building of
> warez botnets. The warez scanning is generally for anonymous FTP
> servers with plentiful bandwidth, copious disk space, and generous
> write permissions. ...
One things I know of that helps here is to make sure you never have a
single directory that is both readable and writeable to an anonymous
user.
In general, restrict writing to users with logins and passwords. If you
must have an anonymous-write directory (like an incoming folder), make
sure that that directory is not also readable by anonymous users.
This probably won't eliminate all the abuse, but it should make it
impractical enough that the warez servers will probably start looking
elsewhere.
-- David
