Ralf G. R. Bergs writes:

> On Wed, 06 Nov 2002 16:50:13 -0500, Owen McCusker wrote:
>
> [...]
>>Has anyone else seen this type of activity from dip.t-dialin.net
>>or dipsters for short. ;-)?

t-dialin.net is the domain under which surfers from Deutsche Telekom's T-Online service operate (though not exclusively, IIRC). t-dialin also includes ADSL-lines, so there are likely to be some warez-d00dez behind them.

> Sure, I see it all day.
>
> What they're trying to achieve is determine whether you have an "open" FTP
> server which allows them to store "warez" and download them again.
>
> A simple countermeasure against this is to give files that are uploaded
> to your "incoming" directory permissions so that anonymous users can't
> access them anymore. You can even prohibit them from reading the
> directory's contents so that they don't even see which files are stored
> inside the directory.

I haven't checked other platforms, but FreeBSD's ftpd allows for an "incoming-only" mode, where people can't get anything from your server. If you must have uploads, think about using that. As a bonus, you might be able to collect the dropped warez at the end of the business day without hassle ;-)

cheers,
Rainer

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner           Munich
rainer@ultra-secure.de   Germany
http://www.i-duffner.de  Freising
========================================
When shall we three meet again
In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
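
The permission countermeasure discussed in this thread, as an added example that is not part of the original posts: a POSIX shell audit that reports whether an "incoming" directory can be listed and which uploads can be read back, plus a hardening step. The function names are hypothetical, and it assumes the anonymous FTP account reaches the directory through the "other" permission bits (directory and uploads are owned by an admin account, not by the FTP user).

```shell
#!/bin/sh
# Added example: audit and harden an anonymous-FTP drop directory.
# Assumption: the anonymous account is neither owner nor group of the
# directory or the uploads, so the "other" bits decide what it can do.
# Usage: audit_incoming /path/to/incoming

# Print one finding per line:
#   LISTABLE <dir>   others can read the directory, so uploads are visible
#   READABLE <file>  others can read the file, so it can be downloaded again
audit_incoming() {
    dir=$1
    # -prune keeps find on the directory itself; -perm -004 = other-read set.
    find "$dir" -prune -perm -004 -print | sed 's/^/LISTABLE /'
    # Any regular file below it that still has the other-read bit.
    find "$dir" -type f -perm -004 -print | sed 's/^/READABLE /'
}

# Number of findings, for use in cron jobs or monitoring checks.
count_findings() {
    audit_incoming "$1" | wc -l | tr -d ' '
}

# Apply the countermeasure from the thread.
harden_incoming() {
    dir=$1
    # 1733: others may create files and traverse (wx) but not list (no r);
    # the sticky bit stops them from deleting or renaming files they do not own.
    chmod 1733 "$dir"
    # Strip every "other" permission from what has already been uploaded.
    find "$dir" -type f -exec chmod o-rwx {} +
}
```

Files uploaded after hardening still get whatever mode the FTP daemon's umask or upload settings produce, so the audit is worth running periodically rather than once.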
This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 11:56:16 PST