Re: ano@ano.com ftpd dip.t-dialin.net

From: Rainer Duffner <rainer(at)ultra-secure.de>
Date: Thu Nov 07 2002 - 12:02:49 EST

Ralf G. R. Bergs writes:

> On Wed, 06 Nov 2002 16:50:13 -0500, Owen McCusker wrote:
>>Has anyone else seen this type of activity from dip.t-dialin.net >>or dipsters for short. ;-)?

t-dialin.net is the domain under which surfers from Deutsche Telekom's 
T-Online service operate (though not exclusively, IIRC).
t-dialin also includes ADSL-lines, so there are likely to be some 

warez-d00dez behind them.

> Sure, I see it all day.
>
> What they're trying to achieve is determine whether you have an "open"
> FTP
> server which allows them to store "warez" and download them again.
>
> A simple countermeasure against this is to give files that are uploaded
> to your "incoming" directory permissions so that anonymous users can't
> access them anymore. You can even prohibit them from reading the
> directory's contents so that they don't even see which files are stored
> inside the directory.

I haven't checked other platforms, but FreeBSD's ftpd allows for a "incoming-only" mode, where people can't get anything from your server. If you must have uploads, think about using that. As a bonus, you might be able to collect the dropped warez at the end of the business day without hassle ;-)

cheers,
Rainer

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer@ultra-secure.de          Germany
http://www.i-duffner.de        Freising
========================================
    When shall we three meet again
  In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Thu Nov 7 14:56:35 2002