ftpd's

Discussion in 'Computer Science & Culture' started by Bachus, Feb 18, 2003.

Thread Status:
Not open for further replies.
  1. Bachus Registered Senior Member

    Messages:
    1,271
    I am currently running a BSD server and would like to run an ftpd. I've checked my ports and saw a lot of different ftpd's there. Does anyone know which ftpd is good for FreeBSD?
     
  3. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    There are a few different ones that I've looked at:

    My friend ran a WU-FTP server, and swears blind by it, but you can look at the bug reports on it to know about the security issues.

    I ran a Proftpd server for a time, and I preferred this one to WU_FTP. The configuration was easy enough, but there are many security notes you should look at:

    For instance, granting anonymous user/groups is a bad thing on any ftp server, as it can allow people to access your server and potentially scope out the folder structure (and sometimes even get password files) from a system.

    There is a method of altering the folder structure, but you have to go to the folder below the one you want users to access. You then have to CHMOD the folder you're in (.)



    771 (-rwxrwx--x) or
    773 (-rwxrwx-wx)

    The idea is you remove "READ" privileges for "OTHERS" from the folder and potentially the folders below that. (..)

    The reason you might use 773 is that some "Others" might want CGI access where something is Written, or Executed. (The system doesn't need to "read"; I've previously tested this and had it so that no folder below where my FTP server was allowed was "shown".)

    Note, however, that user on your system 7-- and groups on your system -7- aren't affected.

    On proftpd I used "Aliases", this is where you set up a different username and password to the users on the system for logging in. (This lowers the chance that weak passwords are found)

    I personally deleted the FTP Help file on Proftpd (left it a blank file) this was just to lower the amount of information available to anyone that I didn't want looking in.

    I also used SHUTFTP NOW (or some similar command); this causes proftpd to drop a file in your /etc folder called shutmsg, which while in existence stops your FTP server from allowing people to connect. (It gives them a message saying the server is down.)

     
  5. Bachus Registered Senior Member

    Messages:
    1,271
    Security is not really an issue. I always disable anonymous access


    Further, I saw WU_FTPD also came in an IPv6 mode; should I take that one?
     
  7. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    It's difficult to say. I mean I would go with Proftpd purely because I found it the easier of the two and less bugged/DoS'd.

    If you're running your own network, and you have already implemented IPv6 throughout your systems, then go with WU. (Although I'm sure it's the whole Wu Tang appeal that gets you.)

    I've been using Sendmail and I always find that although IPv6 is applied, sometimes errors come up in the logs about servers not being IPv6 compatible, but the system just drops back to IPv4 for them.

    Just remember that FTP isn't an encrypted connection by default although some servers support SSL (Secure Socket Layers). You might try having a search on using SSH (Secure Shell) with the FTP server.

    (This is something I should have mentioned in the security section, but it will allow you to connect to your FTP server and not have someone capture a plain text password being shifted between you and the server.)
     
  8. Bachus Registered Senior Member

    Messages:
    1,271
    I go with proftpd, I just need to figure out which ports it uses. I know port 20 and 21 but I heard ftpd also uses random ports > 1024. Bleh, ftpd behind NAT is in that case a lot of work.

     
  9. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    I think I know what you mean about the extra port.

    I think it works like this:

    If you have an FTP daemon on port 21, it allows so many sessions to be open (instances of the daemon) before it stops people accessing.

    (This involves a "Parent" session, to be "forked" which basically means split, into "Child" instances. The idea is if a "child" instance crashes/closes it doesn't totally kill/close your daemon.)

    When you access port 21 with a Telnet client or a FTP client, you'll be asked to supply the information you need to login (user/pass).
    Once you do that your Daemon is altered (PASV), it moves to a dynamically assigned port number higher in your port range.

    This allows you to transfer files on a different port number, and causes the daemon to no longer register your session as one of your assigned maximum sessions.

    Most firewalls work on the principle of not allowing Incoming connections, but will allow outgoing connections to be made.

    If you're having problems with NAT, check this:

    http://proftpd.linux.co.uk/localsite/Userguide/linked/config_ref_PassivePorts.html

    You just have to allow external access for port 21 and the passive port(s)/range that you specify.

    For the full NAT configuration information:

    http://proftpd.linux.co.uk/localsite/Userguide/linked/config-nat.html
     