|
Home > Archive > IIS FTP Server > February 2004 > Anyone know about Tag Attack?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Anyone know about Tag Attack?
|
|
| Matthew Speed 2004-02-18, 9:34 am |
| I found some directories in a folder accessible by an FTP server with
anonymous login rights that required installing UNIX Services for
Windows to remove (lots of strange characters in the names)
The only documentation I could find on the web was in German so it is
not clear what was done or whether this was a system exploit or just
something that can be done via anonymous login.
TIA
| |
| Paul Lynch 2004-02-18, 11:34 am |
| On Wed, 18 Feb 2004 17:33:23 -0500, Matthew Speed <mspeed@mspeed.net>
wrote:
>I found some directories in a folder accessible by an FTP server with
>anonymous login rights that required installing UNIX Services for
>Windows to remove (lots of strange characters in the names)
>
>The only documentation I could find on the web was in German so it is
>not clear what was done or whether this was a system exploit or just
>something that can be done via anonymous login.
>
>TIA
Matthew,
Its not a system exploit I'm afraid, just a poorly configured and
insecure server.
These KB articles contain some useful information :
You Cannot Delete a File or a Folder
http://support.microsoft.com/?id=320081
How to Remove Files with Reserved Names in Windows
http://support.microsoft.com/?id=120716
And there's some good security related information here also,
especially the advice about securing your server from future attacks.
Remember, they didn't break in, they merely walked in through the open
door you left :
http://securityadmin.info/faq.asp#ftpfolder
Regards,
Paul Lynch
MCSE
| |
| Matthew Speed 2004-02-18, 2:34 pm |
| >Remember, they didn't break in, they merely walked in through the open
>door you left :
>
This is what I suspected. I needed to set up an anonymous directory
temporarily. I just wanted to make sure that this was merely an abuse
of an open ftp server and not a backdoor breakin.
I have since removed anonymous access from that server (the need no
longer exists) so I should avoid having this happen in the future.
| |
| Alun Jones [MS MVP] 2004-02-25, 10:34 pm |
| In article <nia830hphasrqp0gebs6kh6f8ei8d1rn68@4ax.com>, Matthew Speed
<mspeed@mspeed.net> wrote:
>This is what I suspected. I needed to set up an anonymous directory
>temporarily. I just wanted to make sure that this was merely an abuse
>of an open ftp server and not a backdoor breakin.
It's _probably_ only an abuse of an open FTP server.
Can you be sure enough for your own needs? Probably.
Can you be absolutely certain? No. Maybe the uploaded tagged files are
only to hide the added functionality on your system. I'd scan the crap out
of it, if I were you.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
|
|
|
|
|