[luau] Secure FTP to RedHat 7.3 box?

Brian Chee chee at hawaii.edu
Mon Dec 9 15:15:00 PST 2002


I'm not sure....lemme try it out and report back to the list....however, I'm
not sure that PORT options would work, since you're going to be coming from
a different IP regardless....unless of course you implement IP address
spoofing on your remote workstation....which would set off all kinds of
triggers on the way to the host anyway...

The point I was trying to make was that under default conditions, all modern
FTP daemons (and most other daemons nowadays) are sensitive to smurf/spoof
attacks. So changing the source IP address midstream will tend to set off
bells and whistles galore. To avoid this, just implement the "ignore" to the
address change ONLY on the local machine...that's what the sample config I
sent was all about.

I'm still trying to break this and see if there are any inherent
weaknesses....but time and resource constraints slow me down.

Oh yeah....lest I be a pig and forget....this tunneling trick was originally
taught to me by Warren Togami when applied to VNC....now like many others in
the Linux world....my lab uses this trick for all kinds of stuff....like
running a tar session across an SSH link so that I can do a tape backup from
a machine that doesn't have a tape, to a machine that does....all
encrypted... that and rsync runs great over ssh too...

/brian chee

University of Hawaii ICS Dept
Advanced Network Computing Lab
1680 East West Road, POST rm 311
Honolulu, HI  96822
808-956-5797 voice, 808-956-5175 fax

----- Original Message -----
From: "Vince Hoang" <luau at ml.altern8.net>
To: <luau at videl.ics.hawaii.edu>
Cc: "Erich S." <sharky at websharx.com>
Sent: Monday, December 09, 2002 2:58 PM
Subject: Re: [luau] Secure FTP to RedHat 7.3 box?


> On Mon, Dec 09, 2002 at 02:27:49PM -1000, Brian Chee wrote:
> > Here's the section of the proftpd.conf file that you really need....
> >
> > # Allow foreign addresses to support SSH tunneling
> > AllowForeignAddress on
>
> Is this option still required if FTP tunneling runs over PORT
> instead of PASV mode? (Excellent summary, btw.)
>
> -Vince
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau



