[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] secFTP not working on Qube2

Subject: Re: [cobalt-security] secFTP not working on Qube2
From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
Date: Tue, 31 Oct 2000 12:55:17 -0600
Organization: anonymous
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Thu, 26 Oct 2000 15:03:15 +0100 (BST), Gossi The Dog <gossi@xxxxxxxxxxxxxx>
wrote:

:>> This is working for me.
:>> 
:>> Add the following directive to your /etc/proftpd.conf file:
:>> 
:>> AllowForeignAddress             on
:>> 
:>> Here are the details from proftpd:
:>> http://www.proftpd.net/docs/configuration.html#AllowForeignAddress
:>
:>Note that by doing this you allow 'bounce' attacks (but then, if you deny
:>anonymous access this shouldn't really be much of a problem), and at any
:>rate forwarding ftp thru ssh leaves the actual data
:>unencrypted.  Passwords are exchanged over a secure channel, though.

Thanks.

About the only choice I have until proftpd has a sftp module. At least it
protects the pw. I am not sure I understand what is a bounce attack though.

Mike.

References:
- Re: [cobalt-security] secFTP not working on Qube2
  - From: Jeff Lovell
- Re: [cobalt-security] secFTP not working on Qube2
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] Vacation Mail Exploit patch for RaQ4
Next by Date: [cobalt-security] Newbie to cobalt
Previous by thread: Re: [cobalt-security] secFTP not working on Qube2
Next by thread: Re: [cobalt-security] secFTP not working on Qube2

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index