What's a good FTP server software?

What's a good free FTP server that I could download? I tried asking this in
the software NG but nobody has responded yet. Thanks guys...

--
----------------------------------------------
Jason Roner

On Thu, 28 Aug 2003 22:45:16 GMT, "FuzionMan"
wrote:

What's a good free FTP server that I could download? I tried asking this in
the software NG but nobody has responded yet. Thanks guys...

What OS? Linux has it free, as does Win2k & Winxp pro (can' remember
about home right now).

Sorry about that, Win 2k Pro. Just bought it and I'm still learning it...I
didn't know it had a FTP serv included?? Can you give me some details?? I
looked through the Start menu but didn't see anything...

--
----------------------------------------------
Jason Roner

"Jim Turner" wrote in message
s.com...
On Thu, 28 Aug 2003 22:45:16 GMT, "FuzionMan"
wrote:

What's a good free FTP server that I could download? I tried asking this
in
the software NG but nobody has responded yet. Thanks guys...

What OS? Linux has it free, as does Win2k & Winxp pro (can' remember
about home right now).

FuzionMan wrote:

Sorry about that, Win 2k Pro. Just bought it and I'm still learning it...I
didn't know it had a FTP serv included?? Can you give me some details??
I looked through the Start menu but didn't see anything...


http://www.doxpara.com/read.php/security/ms_ftp_fw.html

I wouldn't trust a MS ftp server to be secure..
--

Stacey

Anyone know if this is fixed in service pack 2?

--
----------------------------------------------
Jason Roner

"Stacey" wrote in message
...
FuzionMan wrote:

Sorry about that, Win 2k Pro. Just bought it and I'm still learning
it...I
didn't know it had a FTP serv included?? Can you give me some details??
I looked through the Start menu but didn't see anything...


http://www.doxpara.com/read.php/security/ms_ftp_fw.html

I wouldn't trust a MS ftp server to be secure..
--

Stacey

Nevermind guys, I found out how to set up the FTP...
But can anyone answer the question on my last post before this one?

--
----------------------------------------------
Jason Roner

"FuzionMan" wrote in message
news
Sorry about that, Win 2k Pro. Just bought it and I'm still learning it...I
didn't know it had a FTP serv included?? Can you give me some details??
I
looked through the Start menu but didn't see anything...

--
----------------------------------------------
Jason Roner

"Jim Turner" wrote in message
s.com...
On Thu, 28 Aug 2003 22:45:16 GMT, "FuzionMan"
wrote:

What's a good free FTP server that I could download? I tried asking
this
in
the software NG but nobody has responded yet. Thanks guys...

What OS? Linux has it free, as does Win2k & Winxp pro (can' remember
about home right now).

On Thu, 28 Aug 2003 20:27:26 -0400, Stacey wrote:

FuzionMan wrote:

Sorry about that, Win 2k Pro. Just bought it and I'm still learning it...I
didn't know it had a FTP serv included?? Can you give me some details??
I looked through the Start menu but didn't see anything...


http://www.doxpara.com/read.php/security/ms_ftp_fw.html

I wouldn't trust a MS ftp server to be secure..

No ftp server is "secure". That is just the nature of the beast. You
can do ftps, which uses ssl for security, but everything on plain FTP
is passed in plaintext, even passwords. Best you can do is make your
FTP site download only, or only allow uploads when you need them.

JT

Jim Turner wrote:

On Fri, 29 Aug 2003 00:31:54 GMT, "FuzionMan"
wrote:

Anyone know if this is fixed in service pack 2?

Is what fixed? The basic insecurity of FTP? No. Is it worse than most
others? Probably not.

Don't most have accept and deny lists? From that link the MS version on
win2K pro doesn't which is pretty basic to making the host system somewhat
secure. Is FTP secure? No but this version looks like it has the potential
to open the host system up to anyone which is pretty typical of MS
networking products.
--

Stacey

On Thu, 28 Aug 2003 22:02:55 -0400, Stacey wrote:


But many FTP programs can be setup to "accept" or "deny" etc and if someone
is going to be able to gain access to a machine through even a download
only server, whose FTP server would you think would be the easiest to hack
into? Yes FTP hackers can "catch" passwords etc but being able to deny or
only accept specific hosts is at least a starting point that this package
lacks. If I was going to setup an FTP server that was going to be online I
would sure want something where unknown users couldn't end up gaining
access to every file on my system would you?

Even MS FTP limits the directory tree that FTP can play in, so you
don't have to allow access to the whole machine. On Win2K you can also
use basic windows security. If they don't have a valid Win2k username
and password, they can't access FTP site. Not quite the same as an
accept or deny list, but will give basic security if you only want to
have a few friends access your ftp site, or have a public
username/password for those that access your site. Just turn off
anonymous FTP. Limit your FTP users to that one directory using
windows security. It really does work

I have seen hacks into Unix/Linux based FTP servers. There are still
some gotchas out there if you don't set them up properly.

One more quote from that site which obviously you didn't bother to look at..
It's not "the nature of the beast" to always allow someone from =ANY= IP to
enter a username/password combo and them trying to guess at which range of
IP's is accepted, using almost any other FTP software, isn't very likely.
Enabling this server with no sort of accept/deny scripts is opening an easy
path into a network.

-----------------

Considering that FTP is a remote service that involves cleartext exchange of
authentication information, removing the capability to easily prevent
entire classes from IPs from even *offering* the correct username/password
shared secrets can do much to increase site security. Even if IPs aren't
particularly cryptographically secure, the simple knowledge of which IPs
are allowed access can be a secret unto itself, and spoofing IPs outside
the local LAN is an order of magnitude more difficult as well.



I have looked at "the site", and documentation on FTP on many systems.
Most of the time that you have a known list of IPs that you can
restrict FTP to, there are better alternatives. If you are going to
use it in a lan environment normal file sharing protocols are better
and faster. If you are doing it over the internet, then it is not
likely the ftp clients will be in unique IP ranges. You might use it
if you are transfering files from remote offices, and all ends have
static IP, but even there spoofing IPs is not that hard, and it is
also easy to watch what transfers if someone is interested. If you are
setting up an FTP site for people on the road, for example, then IP
lists will not be a practical solution unless you also are using some
type of VPN, which solves the security problems anyway.

FTP is not very secure. If you set up an FTP site that allows
anonymous downloads, the Win2k FTP server is not functionally
different than the others. You can also setup "user" accounts that
only have access to the ftp directory on the machine for more secure
uploads.