Re: How vulnerable is setting up anonymous read-only ftp access to my LS?
--- In LinkStation_General@yahoogroups.com, "born_daniel"
<born_daniel@y...> wrote:
> Well, my understanding of most ftp exploits is that you send a
> binary file containing executable code and then you end up being
> able to execute that code somehow.

Yes. If you allow people to send you stuff there is always a
possibility they will then find a way to execute it. Often using
some other unrelated exploit you might have.

> The version of ftp appears to be wu-ftp 2.6.1 and there are talks
> about vulnerabilities of this version but I wasn't able to find
> any details about what they are and what they allow...

I never used the original OS on my LS long enough to figure this
out, but there were two ftp servers installed on the LS, wu-ftp and
proftp. I never quite understood which one got used for what, but
assumed the one was used over the other when you enabled "anonymous
FTP" on the LS's Web Interface.

> --- In LinkStation_General@yahoogroups.com, "James Stewart"
> <wartstew@y...> wrote:
> > --- In LinkStation_General@yahoogroups.com, "born_daniel"
> > <born_daniel@y...> wrote:
> > >
> > > Hi all,
> > >
> > > I know FTP is not secure at all and suffers many
> > > how much risk am I exposing my LS (and its data) to, by
> > > anonymous read-only access to a separate shared folder? any
> > >
> > > Still using root-hacked 1.44 on LS I (for now) :-)
> > >
> > > Thanks,
> > > Daniel
> > >
> > It is not as bad as you think. Just remember that nothing is
> > encrypted. This means never try to log in across the internet
> > using a
> > user name and password that you don't mind being totally public
> > (remember your web browser might cache then use a user/password
> > that you didn't intend it to at times). Don't send or receive
> > data using FTP that you don't mind being totally public. Then make
> > sure that the "ftp" and "anonymous" logins will not be allowed
> > access or access to anything other services you don't want the
> > into.
> > I forgot what version of ProFTP the LS uses by default. It is
> > probably an older version and might have some security issues.
> > You might research this a bit and see if there were ever any known
> > exploits of any of these security issues.