Solved

FTP Security

Posted on 2004-08-10
Last Modified: 2013-12-04
Question: Does limiting FTP connections to your site to specific IPs offer much security? I have configured my firewall to allow FTP connections to a single IP, and yet port 21 is still picked up by a scan as being open. My contention is that if port 21 is open, it is still susceptible to the vulnerabilities inherent in FTP. Is this a correct assumption?

Thanks
Question by:jstansley
 
LVL 12

Accepted Solution

by:
gidds99 earned 50 total points
ID: 11767988
It offers pretty good security, as limiting the connections to a single IP means that you are limiting the attack surface: if there are vulnerabilities in the FTP server software, they are not exposed, as it will not allow an FTP connection to be established from other IPs.

Other Experts mention IP spoofing which is easy for a determined attacker with tools which are freely available on the web.  The crucial question to ask in my opinion when considering the risks in this type of setup is, how likely is it an attacker will know the IP in the first place so he is in a position to spoof it?  Any danger from IP spoofing is very limited as I see it.

Hope this helps.
 

Author Comment

by:jstansley
ID: 11768058
Thanks....so you are saying that despite the fact that port 21 is listed as open on a port scan.....an attacker cannot launch an attack unless he knows the specific IP for which the server is configured to accept connections?
 
LVL 7

Expert Comment

by:magus123
ID: 11770117
There are scans happening every day, everywhere; they are automated and they look for anything open.
I remember getting infected with a virus within seconds of going on the internet.

Keep these in mind:

1. NAT DSL router / port forwarding for FTP / MAC cloning
2. firewall at the OS, "configure it to disable ICMP", ping attacks
3. antivirus at the OS
4. http://www.blackviper.com/, services either listening or not needed, consider removing
5. netstat, check your open ports
6. www.dslreports.com, check their forum and recommended sites to use certain sites that do port scans on your computer and recommend what to block or shut down
7. do level of FTP software and access versus user or anonymous
8. a dedicated hardware firewall
9. logging, check who or what intrusion, if any
10. PeerGuardian from methlabs, check out their program and the blocklist you can download for known bad intrusions, works at the OS level; also consider ProtoWall.

That's all I can remember for now.
 
LVL 12

Expert Comment

by:gidds99
ID: 11770286
What I am saying is that I believe that although port 21 is open, the FTP software won't allow an FTP connection to be made unless it originates from that specific IP.  Therefore, as no FTP connection can be completed, it is not possible for an attacker to try and exploit any holes which may exist in the FTP server software, as many holes will be exploited by an attacker sending corrupt data over a completed connection in order to exploit vulnerabilities in the FTP server software.  By confining connections to a single IP you are preventing connections from being accepted from other IPs.

Hope this helps.
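The case discussed in this thread, where the source-IP restriction is applied by the server software after the TCP connection is accepted, shown as an added example that is not part of the original thread. It assumes a loopback listener on an ephemeral port standing in for the FTP server; the banner, the function names and the address 192.0.2.10 are constructed for illustration.

```python
import socket
import threading

BANNER = b"220 example FTP service ready\r\n"  # constructed banner, not a real product's


def serve_once(srv, allowed_ips):
    """Accept one connection and apply the source-IP allowlist only after accept()."""
    conn, (peer_ip, _port) = srv.accept()
    with conn:
        if peer_ip in allowed_ips:
            conn.sendall(BANNER)  # allowed peer reaches the protocol layer
        # any other peer is closed without a single protocol byte


def probe(port, timeout=2.0):
    """Return (tcp_connect_succeeded, first_bytes_received) for the loopback listener."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as c:
            try:
                data = c.recv(128)
            except OSError:
                data = b""
            return True, data
    except OSError:
        return False, b""


def check_from_loopback(allowed_ips):
    """Start the stand-in server with the given allowlist and probe it from 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port chosen by the OS
    srv.listen(1)
    worker = threading.Thread(target=serve_once, args=(srv, allowed_ips), daemon=True)
    worker.start()
    try:
        return probe(srv.getsockname()[1])
    finally:
        worker.join(timeout=2.0)
        srv.close()


if __name__ == "__main__":
    print("client on allowlist:    ", check_from_loopback({"127.0.0.1"}))
    print("client not on allowlist:", check_from_loopback({"192.0.2.10"}))
```

In both runs the TCP connect succeeds, which is all a connect scan records as "open"; only the allowlisted client receives the banner. A packet filter that drops traffic from other sources before it reaches the listener would make the connect itself fail from those sources.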