Attacking and Securing FTP

Presented at DEF CON 10 (2002), Aug. 2, 2002, 1 p.m. (50 minutes)

The Unix FTP servers have been called 'the IIS of the Unix world' for their frequent and potent vulnerabilities. Each has provided remote exploits, usually at the root privilege level, on a consistent and frequent basis. WU-FTPd is the most popular Unix FTP server by far, shipping by default on most Linux distributions, and even on Solaris, and being installed most commonly on the rest of the Unix platforms. This talk will demonstrate working exploits on WU-FTPd, then show you how to configure WU-FTPd to defeat them. While the talk will use WU-FTPd as the primary example, we'll also discuss ProFTPd, the other major FTP daemon for Unix.


Presenters:

  • Jay Beale - JJB Security Consulting & Training Bastille Linux Homepage
    Jay Beale is the president and founder of JJB Security Consulting and Training, LLC. He is the Lead Developer of the Bastille Linux Project, which creates a hardening program for Linux and HP-UX. Jay is the author of a number of articles on computer security, along with the upcoming book "Locking Down Linux the Bastille Way" to be published in the second quarter of this year by Addison Wesley. You can learn more about his articles, talks, courses and consulting via http://www.bastille-linux.org/jay.

Links:

Similar Presentations: