Re: Yudit text-editor
> Here I always thought that passive mode (which most browsers use) is much
> more security-friendly than active - you don't have to allow connections to
> some strange ports at your site.
> Just to increase my sysadmin knowledge :) - which configuration might
> allow serving vanilla FTP clients and refusing web browsers' FTP?
I don't know anything about passive/active, and this is not the
difference between browsers and FTP clients. The only problem is
that web browsers check many services (i.e. ping) and not only FTP
(20,21). Some of the additional services are still denied here, so
browsers may fail to access my FTP. Anyway, I'll fix it in a few
days.
Note: There are other things which are *MUCH* more important for
your security than my junk. Such as immediate installation of any
patch. Or avoiding clear-text passwords over the Net (use the last
ssh instead of telnet, don't use ftp except for anonymous, don't
use POP/IMAP4, etc.). Or denying vulnerable services such as POP3/
IMAP4/SMB/NFS/X/79/etc. Or not using old HTTPD with vulnerabilities
such as phf. Or denying ingoing packets with spoofed or illegal
source IPs (such as 127.0.0.1, 192.168.*, addresses the same as yours,
etc.). Or avoiding DNS (UNLESS YOU NEED IT!).
--
Eli Marmor
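
The ingress check named in the last paragraph of the message above (dropping incoming packets whose source is 127.0.0.1, 192.168.*, or one of your own addresses), as an added example that is not part of the original post. The other ranges in the table, the 198.51.100.0/24 "own network" and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Source ranges that must never appear on packets arriving from outside.
# The first two are named in the message; the rest are the other RFC 1918
# blocks and commonly filtered non-routable ranges (added here).
ILLEGAL_SOURCES = {
    "loopback": "127.0.0.0/8",
    "rfc1918-192.168": "192.168.0.0/16",
    "rfc1918-10": "10.0.0.0/8",
    "rfc1918-172.16": "172.16.0.0/12",
    "this-network": "0.0.0.0/8",
    "link-local": "169.254.0.0/16",
    "multicast": "224.0.0.0/4",
    "reserved": "240.0.0.0/4",
}

def build_filter(own_networks):
    """Return check(src) -> reason string, or None if the source is acceptable."""
    rules = [(name, ipaddress.ip_network(cidr))
             for name, cidr in ILLEGAL_SOURCES.items()]
    # "Addresses the same as yours": an outside packet claiming an inside source.
    rules += [("own-address", ipaddress.ip_network(n)) for n in own_networks]

    def check(src):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return "unparseable"
        for name, net in rules:
            if addr.version == net.version and addr in net:
                return name
        return None
    return check

# Constructed sample: (source, destination port) seen on the external interface.
# 198.51.100.0/24 stands in for "your own" network (documentation range).
SAMPLE = [("127.0.0.1", 21), ("192.168.4.20", 21), ("198.51.100.7", 22),
          ("203.0.113.50", 21), ("10.1.2.3", 80)]

def audit(packets, own_networks=("198.51.100.0/24",)):
    """List the packets an ingress filter should drop, with the reason."""
    check = build_filter(own_networks)
    return [(src, port, check(src)) for src, port in packets if check(src)]

if __name__ == "__main__":
    for src, port, reason in audit(SAMPLE):
        print(f"DROP {src} -> port {port}: {reason}")
```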