Powered by Unknown!

lukemftpd on FreeBSD

FTP servers (lukemftpd in particular, imported into FreeBSD from the NetBSD project) disclose certain sensitive information, either spontaneously or on request:

# ftp localhost
220 localhost.maison FTP server (lukemftpd 1.2 beta 1) ready.
Name (localhost:root): guest
331 Password required for guest.
Password: ********
230-
    FreeBSD 4.7-RELEASE (GENERIC) #0: Tue Oct  8 14:11:51 GMT 2002
    
    Welcome to FreeBSD!
    
230 User guest logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> syst
215 UNIX Type: L8 Version: lukemftpd 1.2 beta 1
ftp> rstatus
211-localhost.maison FTP server status:
    Version: lukemftpd 1.2 beta 1
    Connected to localhost.maison (127.0.0.1)
    Logged in as guest
    TYPE: ASCII, FORM: Nonprint; STRUcture: File; transfer MODE: Stream
    No data connection
    Data sent:        0 bytes in 0 files
    Data received:    0 bytes in 0 files
    Total data:       0 bytes in 0 files
    Traffic sent:     1830 bytes in 0 transfers
    Traffic received: 42 bytes in 0 transfers
    Total traffic:    1872 bytes in 0 transfers
    
    Class: real, type: REAL
    Check PORT/LPRT commands: enabled
    Idle timeout: 900, maximum timeout: 7200
    Current connections: 2
    Maximum connections: unlimited
    Deny bad ftpusers(5) quickly: disabled
    Maximum file size: unlimited
    MotD file: /etc/motd
    Modify commands (CHMOD, DELE, MKD, RMD, RNFR, UMASK): enabled
    Upload commands (APPE, STOR, STOU): enabled
    Sanitize file names: disabled
    PASV/LPSV/EPSV connections: enabled
    Rate get limit: disabled
    Rate put limit: disabled
    Umask: 0027
211 End of status
ftp> bye
221-
    Data traffic for this session was 0 bytes in 0 files.
    Total traffic for this session was 2664 bytes in 0 transfers.
221 Thank you for using the FTP service on localhost.maison.

A startup option, however, prevents these information leaks:

# man lukemftpd
[...]
     -V version
	     Use version as the version to advertise in the login banner and
	     in the output of STAT and SYST instead of the default version
	     information.  If version is empty or `-' then don't display any
	     version information.
[...]

This option can be added in the /etc/inetd.conf file:

ftp	stream	tcp	nowait	root	/usr/libexec/lukemftpd	ftpd -l -r -V -

As for the "message of the day", its display can be turned off with an option in lukemftpd's configuration file:

# echo "motd none" >> /etc/ftpd.conf

The server then behaves as follows:

# ftp localhost
220 localhost.maison FTP server ready.
Name (localhost:root): guest
331 Password required for guest.
Password: ********
230 User guest logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> syst
215 UNIX Type: L8
ftp> rstatus
211-localhost.maison FTP server status:
    Version: <suppressed>
    Connected to localhost.maison (127.0.0.1)
    Logged in as guest
    TYPE: ASCII, FORM: Nonprint; STRUcture: File; transfer MODE: Stream
    No data connection
    Data sent:        0 bytes in 0 files
    Data received:    0 bytes in 0 files
    Total data:       0 bytes in 0 files
    Traffic sent:     501 bytes in 0 transfers
    Traffic received: 42 bytes in 0 transfers
    Total traffic:    543 bytes in 0 transfers
    
    Class: real, type: REAL
    Check PORT/LPRT commands: enabled
    Idle timeout: 900, maximum timeout: 7200
    Current connections: 1
    Maximum connections: unlimited
    Deny bad ftpusers(5) quickly: disabled
    Maximum file size: unlimited
    Modify commands (CHMOD, DELE, MKD, RMD, RNFR, UMASK): enabled
    Upload commands (APPE, STOR, STOU): enabled
    Sanitize file names: disabled
    PASV/LPSV/EPSV connections: enabled
    Rate get limit: disabled
    Rate put limit: disabled
    Umask: 0027
211 End of status
ftp> bye
221-
    Data traffic for this session was 0 bytes in 0 files.
    Total traffic for this session was 1307 bytes in 0 transfers.
221 Thank you for using the FTP service on localhost.maison.
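
As an added example (not part of the original article), the shell function below checks a captured control-channel session for the disclosures shown above, which is one way to confirm that "-V -" and "motd none" took effect. The function name, the finding texts and the release-string pattern are assumptions of this example; the two sample sessions are abridged from the captures on this page.

```shell
#!/bin/sh
# Added example: flag identifying details in FTP control-channel replies.
# Reads a captured session on stdin and prints one finding per line.
ftp_leaks() {
    awk '
    # Keep the reply code in force: "NNN-" opens a multi-line reply and
    # "NNN " closes it; any other line outside a reply is client-side text.
    /^[0-9][0-9][0-9]-/ { code = substr($0, 1, 3); multi = 1 }
    /^[0-9][0-9][0-9] / { code = substr($0, 1, 3); multi = 0 }
    !/^[0-9][0-9][0-9][ -]/ && !multi { next }
    code == "220" && /\([^)]*[0-9][^)]*\)/ { print "220 greeting advertises server version" }
    code == "230" && /[0-9]+\.[0-9]+-(RELEASE|STABLE|CURRENT)/ { print "230 motd reveals OS release" }
    code == "215" && /Version: / { print "215 SYST reveals server version" }
    code == "211" && /Version: / && !/<suppressed>/ { print "211 STAT reveals server version" }
    code == "211" && /MotD file: / { print "211 STAT reveals motd path" }
    '
}
# Sample input: replies abridged from the default-configuration capture.
sample_default() {
cat <<'EOF'
220 localhost.maison FTP server (lukemftpd 1.2 beta 1) ready.
Name (localhost:root): guest
230-
    FreeBSD 4.7-RELEASE (GENERIC) #0: Tue Oct  8 14:11:51 GMT 2002
230 User guest logged in.
ftp> syst
215 UNIX Type: L8 Version: lukemftpd 1.2 beta 1
ftp> rstatus
211-localhost.maison FTP server status:
    Version: lukemftpd 1.2 beta 1
    MotD file: /etc/motd
211 End of status
EOF
}
# Sample input: the same replies after "-V -" and "motd none".
sample_hardened() {
cat <<'EOF'
220 localhost.maison FTP server ready.
230 User guest logged in.
215 UNIX Type: L8
211-localhost.maison FTP server status:
    Version: <suppressed>
211 End of status
EOF
}
sample_default | ftp_leaks
```

An empty result only means that none of these five markers was found; it does not mean the server can no longer be identified.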

Final warnings

Note that the server can still be identified through its implementation of the FTP protocol (the command verbs and the structure of the associated replies can be quite characteristic).

In particular, note here how specific the reply to the "rstatus" command is compared with that of the traditional BSD ftpd...

Beyond these considerations, try to avoid the FTP protocol whenever possible (for example in favour of SFTP), since the login identifiers and authentication credentials it uses cross the network in cleartext...

