RFC 2577              FTP Security Considerations               May 1999


   then reject the combination of username and password for an invalid
   username.

8   Port Stealing

   Many operating systems assign dynamic port numbers in increasing
   order.  By making a legitimate transfer, an attacker can observe the
   current port number allocated by the server and "guess" the next one
   that will be used.  The attacker can make a connection to this port,
   thus denying another legitimate client the ability to make a
   transfer.  Alternatively, the attacker can steal a file meant for a
   legitimate user.  In addition, an attacker can insert a forged file
   into a data stream thought to come from an authenticated client.
   This problem can be mitigated by making FTP clients and servers use
   random local port numbers for data connections, either by requesting
   random ports from the operating system or using system dependent
   mechanisms.
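As an added illustration of the mitigation described above (example code written for this page, not part of RFC 2577 or of any particular ftpd), the Python script below does two things: it audits whether the local operating system hands out ephemeral ports in a predictable sequence, which is the precondition for the guessing attack, and it shows a data-connection listener that draws its local port from the OS CSPRNG instead of taking the next port the OS would assign. The dynamic port range 49152-65535 and the loopback address used for the demonstration are my assumptions.

```python
import random
import socket

# Assumption: data connections may use any port in the IANA dynamic range.
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535


def is_predictable(observed_ports, window=3):
    """True if the last `window` port allocations advance by one constant,
    positive step (e.g. 50000, 50001, 50002): an observer who has seen one
    legitimate transfer could then guess the port of the next one."""
    if len(observed_ports) < window:
        return False
    tail = observed_ports[-window:]
    steps = {b - a for a, b in zip(tail, tail[1:])}
    return len(steps) == 1 and steps.pop() > 0


def sample_os_allocations(n=5, host="127.0.0.1"):
    """Ask the OS for `n` ephemeral ports (bind to port 0) and return them in
    allocation order. All sockets stay open until the end so the OS cannot
    hand the same port back twice during the sample."""
    socks = []
    try:
        for _ in range(n):
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.bind((host, 0))
            socks.append(s)
        return [s.getsockname()[1] for s in socks]
    finally:
        for s in socks:
            s.close()


def bind_random_data_port(host="127.0.0.1", attempts=64):
    """Open a listening socket for an FTP data connection on a port drawn
    from the OS CSPRNG rather than the next port in sequence. Returns
    (socket, port); the caller closes the socket. Raises OSError if every
    attempt hit a port that was already in use."""
    rng = random.SystemRandom()
    for _ in range(attempts):
        port = rng.randint(EPHEMERAL_LOW, EPHEMERAL_HIGH)
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind((host, port))
            s.listen(1)
            return s, port
        except OSError:
            s.close()
    raise OSError("no free port found in the dynamic range")


if __name__ == "__main__":
    ports = sample_os_allocations()
    verdict = "(predictable)" if is_predictable(ports) else "(not obviously sequential)"
    print("OS-assigned ephemeral ports:", ports, verdict)
    sock, port = bind_random_data_port()
    print("data connection listening on randomly chosen port", port)
    sock.close()
```

Running the audit on a host whose kernel still allocates sequentially makes the exposure concrete; `bind_random_data_port` is the "request random ports" option the RFC mentions, implemented in the application because the OS cannot be relied on to do it. The retry loop matters: a random port may already be in use, and a server that gives up after one attempt would fail transfers under load.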

9   Software-Based Security Problems

   The emphasis in this document is on protocol-related security issues.
   There are a number of documented FTP security-related problems that
   are due to poor implementation as well.  Although the details of
   these types of problems are beyond the scope of this document, it
   should be pointed out that the following FTP features have been abused
   in the past and should be treated with great care by future
   implementers:

   Anonymous FTP

      Anonymous FTP refers to the ability of a client to connect to an
      FTP server with minimal authentication and gain access to public
      files.  Security problems arise when such a user can read all
      files on the system or can create files. [CERT92:09] [CERT93:06]

   Remote Command Execution

      An optional FTP extension, "SITE EXEC", allows clients to execute
      arbitrary commands on the server.  This feature should obviously
      be implemented with great care.  There are several documented
      cases of the FTP "SITE EXEC" command being used to subvert server
      security [CERT94:08] [CERT95:16].

   Debug Code

      Several previous security compromises related to FTP can be
      attributed to software that was installed with debugging features
      enabled [CERT88:01].



Allman & Ostermann           Informational                      [Page 5]
   This document recommends that implementors of FTP servers with these
   capabilities review all of the CERT advisories for attacks on these
   or similar mechanisms before releasing their software.
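The three features just listed share one root cause: the server exposes more than its access policy intends. As an added example (written for this page, not code from RFC 2577 or from any named ftpd), the Python below sketches the policy layer of an FTP server: anonymous logins are confined to a root directory and refused every write command; any SITE subcommand not on an explicit whitelist, SITE EXEC in particular, is answered with 502; and debug hooks are simply absent from that whitelist in a release build. The command sets, the login names treated as anonymous, the reply texts and the demo directory layout are my assumptions.

```python
import os
import posixpath
import shutil
import tempfile

# Assumptions for this example: which logins count as anonymous, which RFC 959
# commands take a path argument, and which of those write to the file system.
ANON_USERS = frozenset({"anonymous", "ftp"})
WRITE_COMMANDS = frozenset({"STOR", "STOU", "APPE", "DELE", "RMD", "MKD", "RNFR", "RNTO"})
READ_COMMANDS = frozenset({"RETR", "LIST", "NLST", "CWD", "SIZE", "MDTM"})
PATH_COMMANDS = WRITE_COMMANDS | READ_COMMANDS
# Explicit whitelist of SITE subcommands. SITE EXEC is deliberately absent, and
# any debug-only hook compiled into a development build must stay off this
# list, so it is unreachable from the control connection in a release build.
SUPPORTED_SITE = frozenset({"HELP"})


def confine_path(root, requested):
    """Map a client-supplied path onto the FTP root and return the resolved
    filesystem path, or raise PermissionError if it would leave the root,
    whether through '..' segments or through a symlink pointing outside."""
    root = os.path.realpath(root)
    # Every client path is interpreted relative to the FTP root, even "/x".
    rel = posixpath.normpath(requested.replace("\\", "/").lstrip("/"))
    if rel == ".." or rel.startswith("../"):
        raise PermissionError(f"path escapes FTP root: {requested!r}")
    candidate = os.path.realpath(os.path.join(root, rel))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise PermissionError(f"path escapes FTP root: {requested!r}")
    return candidate


def authorize(user, line, root):
    """Policy check for one control-connection command line. Returns
    (allowed, reply); reply is the FTP response to send when denied."""
    cmd, _, arg = line.strip().partition(" ")
    cmd = cmd.upper()
    if cmd == "SITE":
        sub = arg.split(" ", 1)[0].upper()
        if sub == "EXEC":
            return False, "502 SITE EXEC is not implemented"
        if sub not in SUPPORTED_SITE:
            return False, "502 SITE subcommand not supported"
        return True, ""
    if user in ANON_USERS and cmd in WRITE_COMMANDS:
        return False, "550 anonymous users may not modify the file system"
    if cmd in PATH_COMMANDS and arg:
        try:
            confine_path(root, arg)
        except PermissionError as exc:
            return False, f"550 {exc}"
    return True, ""


def demo():
    """Build a throwaway FTP root containing one public file and one symlink
    that escapes the root, then run constructed client requests through the
    policy. Returns {request: (allowed, reply)}."""
    root = tempfile.mkdtemp(prefix="ftproot-")
    try:
        os.makedirs(os.path.join(root, "pub"))
        with open(os.path.join(root, "pub", "readme.txt"), "w") as fh:
            fh.write("public file\n")
        # Symlink to the parent of the root: an escape route that a purely
        # lexical '..' check would not notice.
        os.symlink(os.path.dirname(root), os.path.join(root, "pub", "escape"))
        requests = [
            ("anonymous", "RETR pub/readme.txt"),
            ("anonymous", "RETR ../../etc/passwd"),
            ("anonymous", "RETR pub/escape/secret"),
            ("anonymous", "STOR pub/upload.bin"),
            ("alice", "STOR pub/upload.bin"),
            ("alice", "SITE EXEC id"),
        ]
        return {f"{user} {line}": authorize(user, line, root)
                for user, line in requests}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for request, (allowed, reply) in demo().items():
        print(f"{request:35} -> {'allowed' if allowed else reply}")
```

Two design points are worth noting. The path check is done twice on purpose: the lexical test on the normalized relative path rejects `..` escapes before anything touches the file system, and the `realpath` comparison afterwards catches symlinks that point outside the root, which the lexical test cannot see. The SITE dispatcher is a whitelist rather than a blacklist, so the question of whether some debugging or EXEC code was left compiled in never reaches the control connection.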

10  Conclusion

   Using the above suggestions can decrease the security problems
   associated with FTP servers without eliminating functionality.

11  Security Considerations

   Security issues are discussed throughout this memo.

Acknowledgments

   We would like to thank Alex Belits, Jim Bound, William Curtin, Robert
   Elz, Paul Hethmon, Alun Jones and Stephen Tihor for their helpful
   comments on this paper.  Also, we thank the FTPEXT WG members who
   gave many useful suggestions at the Memphis IETF meeting.

References

   [AOM98]     Allman, M., Ostermann, S. and C. Metz, "FTP Extensions
               for IPv6 and NATs", RFC 2428, September 1998.

   [Bel94]     Bellovin, S., "Firewall-Friendly FTP", RFC 1579, February
               1994.

   [CERT88:01] CERT Advisory CA-88:01. ftpd Vulnerability. December
               1988. ftp://info.cert.org/pub/cert_advisories/

   [CERT92:09] CERT Advisory CA-92:09. AIX Anonymous FTP Vulnerability.
               April 27, 1992. ftp://info.cert.org/pub/cert_advisories/

   [CERT93:06] CERT Advisory CA-93:06. Wuarchive ftpd Vulnerability.
               September 19, 1997.
               ftp://info.cert.org/pub/cert_advisories/

   [CERT94:08] CERT Advisory CA-94:08. ftpd Vulnerabilities. September
               23, 1997.  ftp://info.cert.org/pub/cert_advisories/

   [CERT95:16] CERT Advisory CA-95:16. wu-ftpd Misconfiguration
               Vulnerability.  September 23, 1997.
               ftp://info.cert.org/pub/cert_advisories/

   [CERT97:27] CERT Advisory CA-97.27. FTP Bounce.  January 8, 1998.
               ftp://info.cert.org/pub/cert_advisories/

   [HL97]      Horowitz, M. and S. Lunt, "FTP Security Extensions", RFC
               2228, October 1997.

   [Pis94]     Piscitello, D., "FTP Operation Over Big Address Records
               (FOOBAR)", RFC 1639, June 1994.

   [Pos81]     Postel, J., "Transmission Control Protocol", STD 7, RFC
               793, September 1981.

   [PR85]      Postel, J. and J. Reynolds, "File Transfer Protocol
               (FTP)", STD 9, RFC 959, October 1985.

   [RP94]      Reynolds, J. and J. Postel, "Assigned Numbers", STD 2,
               RFC 1700, October 1994.  See also:
               http://www.iana.org/numbers.html

Authors' Addresses

   Mark Allman
   NASA Glenn Research Center/Sterling Software
   21000 Brookpark Rd.  MS 54-2
   Cleveland, OH  44135

   EMail: mallman@grc.nasa.gov


   Shawn Ostermann
   School of Electrical Engineering and Computer Science
   Ohio University
   416 Morton Hall
   Athens, OH  45701

   EMail: ostermann@cs.ohiou.edu

Full Copyright Statement

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.