-- Sorry for posting this Summary twice, but the previous one was
encoded as BASE64 and I did'nt realize it since it was
X-MIME-Autoconverted from BASE64 to 8bit by my mailer.
(I can notunderstand how it happened, but anyway...)
-- I apoligize with people could'nt read my previous summary
Dear friends here it is the solution to my (strange) question concerning
the way to avoid anonymous ftp user knowing the O.S. to wich they are
connected to. I presume that if they are malicious the knowledge of the
O.S. could later help them to better attack the machine. I MUST say that
dott. Blinn reply, while giving (as usuall) the right technical answer,
states as follows:
As "security" problems go, this is the least of your worries. If hackers
can get as far as the ftp daemon, you're already in trouble.
and that is 200% true!
Anyway, as suggested by Tom Blinn the solution is to edit the
/usr/sbin/ftpd (binary executable file) changing strings as necessary.
As Tom Blinn suggests it is possible to change strings in binary
executebles if you don't change their lengths. I changed the
format in wich the unwanted info are written to sdtout. I changed
from format %s into format %d and it works!
---- I used emacs to edit the binaries ------
In T64 v5.0 ftpd the changes are as follows:
%s FTP server (%s %s) ready.
to
%s FTP server (%d %d) ready.
UNIX Type: L%d Version: %s %s
to
???? Type: L%d Version: %d %d
In previous version's ftpd the strings are different, but once you
located the strings "server" and "UNIX" you easily see where to change
the formats.
The result in ftp-ing to my server now is as follows:
220 mantegna.casaccia.enea.it FTP server (???????????? 1073751056) ready.
Name (mantegna:root): ftp
331 Guest login ok, send ident as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is ????.
ftp> system
215 ???? Type: L8 Version: 1073749176 536870440 (Rev. 536870472)
ftp>
Another solution is suggested by Tom Blinn again:
Alternatively, you could purchase a Tru64 UNIX customer source
kit and modify the sources for the ftp daemon and then build your version
from sources and then use that.
Tom Webster suggested to use wu-ftpd which has improvements respect to
ftpd and ...
it allows you to specify how much detail is provided in
the connection string:
'greeting full' is the default and shows the hostname and daemon version.
'greeting brief' whose shows the hostname.
'greeting terse' simply says "FTP server ready."
You can also specify your own text for the greeting.
Thanks to both Tom:
"Dr. Tom Blinn, 603-884-0646" <tpb_at_doctor.zk3.dec.com>
Tom Webster <webster_at_ssdpdc.lgb.cal.boeing.com>
Ciao from Italy,
Emanuele
--
$$$ Emanuele Lombardi
$$$ mail: AMB-GEM-CLIM ENEA Casaccia
$$$ I-00060 S.M. di Galeria (RM) ITALY
$$$ mailto:lele_at_mantegna.casaccia.enea.it
$$$ tel +39 06 30483366 fax +39 06 30483591
$$$
$$$ |||
$$$ \|/ ;_;
$$$ What does a process need | /"\
$$$ to become a daemon ? | \v/
$$$ | |
$$$ - a fork o---/!\---
$$$ | |_|
$$$ | _/ \_
$$$* Contrary to popular belief, UNIX is user friendly.
$$$ It's just very particular about who it makes friends with.
$$$* Computers are not intelligent, but they think they are.
$$$* True programmers never die, they just branch to an odd address
$$$* THIS TRANSMISSION WAS MADE POSSIBLE BY 100% RECYCLED ELECTRONS
--
$$$ Emanuele Lombardi
$$$ mail: AMB-GEM-CLIM ENEA Casaccia
$$$ I-00060 S.M. di Galeria (RM) ITALY
$$$ mailto:lele_at_mantegna.casaccia.enea.it
$$$ tel +39 06 30483366 fax +39 06 30483591
$$$
$$$ |||
$$$ \|/ ;_;
$$$ What does a process need | /"\
$$$ to become a daemon ? | \v/
$$$ | |
$$$ - a fork o---/!\---
$$$ | |_|
$$$ | _/ \_
$$$* Contrary to popular belief, UNIX is user friendly.
$$$ It's just very particular about who it makes friends with.
$$$* Computers are not intelligent, but they think they are.
$$$* True programmers never die, they just branch to an odd address
$$$* THIS TRANSMISSION WAS MADE POSSIBLE BY 100% RECYCLED ELECTRONS
Received on Wed Feb 02 2000 - 14:08:11 NZDT