RE: Linux firewall for a Samba || NT file server

[Tim Hurman <kano-tlug@example.com>]

if you use FTP, some things that make it harder to use as a warez server
are this:

make the upload directory writable but not readable. this prevents people
from seeing recently uploads items, when you have checked then, just put
then in a r/o dir.

this may sound nuts but.... if you use ncftp, get the *latest* source
(check regularly) and change it to print a fake version number. if you
use an early version number, it means that potential intruders/script
kiddies will try older vounerabilities and fail. security by obscurity.

also follow the ftpd setup for anonftp in `man ftp` or the ftp howto.

Tim.

On Fri, 3 Aug 2001, Scott Stone wrote:

>
> MSIE can drag-and-drop to/from ftp servers...
>
> -----------------------------------------------------
> Scott M. Stone <sstone@example.com>
> Senior Technical Consultant - UNIX and Networking
> Taos, the Sysadmin Company - Santa Clara, CA
>
>
> -----Original Message-----
> From: Jean-Christian Imbeault [mailto:jean_christian@example.com]
> Sent: Thursday, August 02, 2001 7:52 PM
> To: tlug@example.com
> Subject: Re: Linux firewall for a Samba || NT file server
>
>
> >From: Jake Morrison <jake_morrison@example.com>
> >
> >If I recall correctly, there are some potential security
> >problems with allowing access to udp/137 -- crackers can
> >use it to map out your network.
>
> Ouch. Sounds like something I don't want.
>
> >You would probably be better off running HTTP or FTP.
>
> Agreed. But I want to set up a file server for "dumb" windows users. i.e.
> drag -and-drop.  I don't think FTP or HTTP will quite do it. They can easily
>
> get the files, but putting files on the machines isn't so easy.
>
> >Allowing write access is also quite tricky. It can be used
> >to compromise the server or store warez.
>
> Hum, more bad news . . .
>
> So if and SMB server has all these security holes what would you recommend?
>
> I guess the problems is that the file server is for internal use only but I
> still want to make it secure just in case one of internal machines get
> compromised and then is used to hack the file server.
>
> Jc
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
> -----------------------------------------------------------------------
> Next Nomikai Meeting:    Fri, Aug 10 19:30-  Tengu Tokyo Eki-Mae
> Next Technical Meeting:  Sat, Sep 15 13:30-  Akasaka Kumin Center
> -----------------------------------------------------------------------
> more info: http://www.tlug.gr.jp           Sponsor: Global Online Japan
>
> -----------------------------------------------------------------------
> Next Nomikai Meeting:    Fri, Aug 10 19:30-  Tengu Tokyo Eki-Mae
> Next Technical Meeting:  Sat, Sep 15 13:30-  Akasaka Kumin Center
> -----------------------------------------------------------------------
> more info: http://www.tlug.gr.jp           Sponsor: Global Online Japan
>
>