If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
What's a good FTP server software?
|
#2
|
|||
|
|||
On Thu, 28 Aug 2003 22:45:16 GMT, "FuzionMan"
wrote: What's a good free FTP server that I could download? I tried asking this in the software NG but nobody has responded yet. Thanks guys... What OS? Linux has it free, as does Win2k & Winxp pro (can' remember about home right now). |
#3
|
|||
|
|||
Sorry about that, Win 2k Pro. Just bought it and I'm still learning it...I
didn't know it had a FTP serv included?? Can you give me some details?? I looked through the Start menu but didn't see anything... -- ---------------------------------------------- Jason Roner "Jim Turner" wrote in message s.com... On Thu, 28 Aug 2003 22:45:16 GMT, "FuzionMan" wrote: What's a good free FTP server that I could download? I tried asking this in the software NG but nobody has responded yet. Thanks guys... What OS? Linux has it free, as does Win2k & Winxp pro (can' remember about home right now). |
#4
|
|||
|
|||
FuzionMan wrote:
Sorry about that, Win 2k Pro. Just bought it and I'm still learning it...I didn't know it had a FTP serv included?? Can you give me some details?? I looked through the Start menu but didn't see anything... http://www.doxpara.com/read.php/security/ms_ftp_fw.html I wouldn't trust a MS ftp server to be secure.. -- Stacey |
#6
|
|||
|
|||
Nevermind guys, I found out how to set up the FTP...
But can anyone answer the question on my last post before this one? -- ---------------------------------------------- Jason Roner "FuzionMan" wrote in message news Sorry about that, Win 2k Pro. Just bought it and I'm still learning it...I didn't know it had a FTP serv included?? Can you give me some details?? I looked through the Start menu but didn't see anything... -- ---------------------------------------------- Jason Roner "Jim Turner" wrote in message s.com... On Thu, 28 Aug 2003 22:45:16 GMT, "FuzionMan" wrote: What's a good free FTP server that I could download? I tried asking this in the software NG but nobody has responded yet. Thanks guys... What OS? Linux has it free, as does Win2k & Winxp pro (can' remember about home right now). |
#7
|
|||
|
|||
On Thu, 28 Aug 2003 20:27:26 -0400, Stacey wrote:
FuzionMan wrote: Sorry about that, Win 2k Pro. Just bought it and I'm still learning it...I didn't know it had a FTP serv included?? Can you give me some details?? I looked through the Start menu but didn't see anything... http://www.doxpara.com/read.php/security/ms_ftp_fw.html I wouldn't trust a MS ftp server to be secure.. No ftp server is "secure". That is just the nature of the beast. You can do ftps, which uses ssl for security, but everything on plain FTP is passed in plaintext, even passwords. Best you can do is make your FTP site download only, or only allow uploads when you need them. JT |
#8
|
|||
|
|||
Jim Turner wrote:
On Fri, 29 Aug 2003 00:31:54 GMT, "FuzionMan" wrote: Anyone know if this is fixed in service pack 2? Is what fixed? The basic insecurity of FTP? No. Is it worse than most others? Probably not. Don't most have accept and deny lists? From that link the MS version on win2K pro doesn't which is pretty basic to making the host system somewhat secure. Is FTP secure? No but this version looks like it has the potential to open the host system up to anyone which is pretty typical of MS networking products. -- Stacey |
#9
|
|||
|
|||
On Thu, 28 Aug 2003 22:02:55 -0400, Stacey wrote:
But many FTP programs can be setup to "accept" or "deny" etc and if someone is going to be able to gain access to a machine through even a download only server, whose FTP server would you think would be the easiest to hack into? Yes FTP hackers can "catch" passwords etc but being able to deny or only accept specific hosts is at least a starting point that this package lacks. If I was going to setup an FTP server that was going to be online I would sure want something where unknown users couldn't end up gaining access to every file on my system would you? Even MS FTP limits the directory tree that FTP can play in, so you don't have to allow access to the whole machine. On Win2K you can also use basic windows security. If they don't have a valid Win2k username and password, they can't access FTP site. Not quite the same as an accept or deny list, but will give basic security if you only want to have a few friends access your ftp site, or have a public username/password for those that access your site. Just turn off anonymous FTP. Limit your FTP users to that one directory using windows security. It really does work I have seen hacks into Unix/Linux based FTP servers. There are still some gotchas out there if you don't set them up properly. |
#10
|
|||
|
|||
One more quote from that site which obviously you didn't bother to look at.. It's not "the nature of the beast" to always allow someone from =ANY= IP to enter a username/password combo and them trying to guess at which range of IP's is accepted, using almost any other FTP software, isn't very likely. Enabling this server with no sort of accept/deny scripts is opening an easy path into a network. ----------------- Considering that FTP is a remote service that involves cleartext exchange of authentication information, removing the capability to easily prevent entire classes from IPs from even *offering* the correct username/password shared secrets can do much to increase site security. Even if IPs aren't particularly cryptographically secure, the simple knowledge of which IPs are allowed access can be a secret unto itself, and spoofing IPs outside the local LAN is an order of magnitude more difficult as well. I have looked at "the site", and documentation on FTP on many systems. Most of the time that you have a known list of IPs that you can restrict FTP to, there are better alternatives. If you are going to use it in a lan environment normal file sharing protocols are better and faster. If you are doing it over the internet, then it is not likely the ftp clients will be in unique IP ranges. You might use it if you are transfering files from remote offices, and all ends have static IP, but even there spoofing IPs is not that hard, and it is also easy to watch what transfers if someone is interested. If you are setting up an FTP site for people on the road, for example, then IP lists will not be a practical solution unless you also are using some type of VPN, which solves the security problems anyway. FTP is not very secure. If you set up an FTP site that allows anonymous downloads, the Win2k FTP server is not functionally different than the others. You can also setup "user" accounts that only have access to the ftp directory on the machine for more secure uploads. |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Firewall Software & Anti-Virus Software For Old Computer | ~misfit~ | General | 6 | August 29th 03 09:49 PM |
Good Price on Hardware Modem? | Mark Wilson | General | 8 | August 12th 03 02:08 PM |
Windows server video capture hardware/software | Some One | General | 0 | July 27th 03 05:33 PM |
Earn $500 to $700 per Week Downloading FREE Software NAQE | [email protected] | General | 0 | July 20th 03 07:27 AM |
What software can't P4 2.4Ghz handle? | online | General | 4 | July 9th 03 09:25 PM |