
Re: need information

 
Azaru
Regular Advisor

need information

How to block the incoming and outgoing ftp access in hpux server? We are running HPUX 11i series operating system in our HP servers.


Thanks
azaru
7 REPLIES
Patrick Wallek
Honored Contributor

Re: need information

At what level do you want to block FTP access?

For incoming, do you want to block all connections? If so, comment out, or remove, the FTP entries in /etc/inetd.conf and then run 'inetd -c' to force a re-read of the inetd.conf file.

For outgoing, you would need to remove permission on the FTP executable or just rename FTP to FTP.ORIG.
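The inbound step from the reply above, as an added sketch that is not part of the original thread. It works on a constructed sample file, the function names are hypothetical, and it matches the service name as a whole field so that the tftp entry is left alone:

```shell
#!/bin/sh
# Added example: disable one service in an inetd.conf-style file without
# relying on an in-place sed option. Function names are hypothetical.

# Print the active (uncommented) entries for service $2 in file $1.
active_entries() {
    awk -v svc="$2" '$1 == svc' "$1"
}

# Comment out every active entry for service $2 in file $1.
# Keeps a backup in $1.orig and leaves all other lines untouched.
disable_service() {
    conf=$1 svc=$2 tmp="$1.new.$$"
    cp -p "$conf" "$conf.orig" || return 1
    awk -v svc="$svc" '$1 == svc { print "#" $0; next } { print }' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite with cat rather than mv so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Constructed sample resembling an HP-UX inetd.conf, written to a scratch file.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
ftp     stream tcp  nowait root /usr/lbin/ftpd    ftpd -l
telnet  stream tcp  nowait root /usr/lbin/telnetd telnetd
tftp    dgram  udp  wait   root /usr/lbin/tftpd   tftpd
EOF
}

demo() {
    f=${TMPDIR:-/tmp}/inetd.conf.demo.$$
    make_sample "$f"
    disable_service "$f" ftp
    active_entries "$f" ftp      # prints nothing once ftp is disabled
    grep -c '^#ftp' "$f"         # counts the lines that were commented out
    rm -f "$f" "$f.orig"
}
demo
# On the real host: disable_service /etc/inetd.conf ftp, then 'inetd -c',
# then check 'netstat -an | grep LISTEN' for anything still on port 21.
```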
Hein van den Heuvel
Honored Contributor
Solution

Re: need information


>> How to block the incoming and outgoing ftp access in hpux server? We are running HPUX 11i series operating system in our HP servers.

Patrick already answered the basics.

An alternative is to cut the network cables.

If that is a little too coarse (nothing in the question suggests it would be :-), then maybe you can finesse this by telling the network switch to block traffic on certain ports (21).

Patrick wrote>> "For outgoing, you would need to remove permission on the FTP executable or just rename FTP to FTP.ORIG."

While that will work for simpleton users, that is a bit naive a solution, isn't it?
FTP is not as much an executable as it is a network protocol. Any program can just 'talk FTP' on a network port.
One example would be perl module Net::FTP which is a class implementing a simple FTP client in Perl as described in RFC959. Renaming FTP will not stop that.

http://perldoc.perl.org/Net/FTP.html

fwiw,
Hein.

Azaru
Regular Advisor

Re: need information

Hi Patrick

Thanks for the information. You are right. I have done the first step that you said and things happened reversely. I am able to ftp from other server to the blocked one and not able to do outgoing.

azar
Azaru
Regular Advisor

Re: need information

Hi all,

We have done the vulnerability test in our servers. And as a result we have got the following high-risk items in the report. I don't know what it means. Can anyone please explain it? It's about the ftp, I understand.

WU-FTPD SockPrintf() Remote Stack-based Buffer Overrun

WU-FTPD S/Key Remote Buffer Overrun

WU-FTPD File Conversion Command Execution

WU-FTPD fb_realpath() Off-By-One Buffer Overflow
Hein van den Heuvel
Honored Contributor

Re: need information


Those messages refer to known vulnerabilities in wu-ftpd.
( http://en.wikipedia.org/wiki/WU-FTPD )

You may want to check out the following topics:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1319049

"From my research it appears that the current release and patching for HPUX ftpd is based upon WU-FTPD 2.6.1."


and

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1331080


Some of those vulnerabilities listed seem pretty old. 2003? See for example:

http://unix.derkeiler.com/Newsgroups/comp.sys.hp.hpux/2003-09/0054.html

Exactly what version of HPUX + patch level do you have?

hth,
Hein.

Azaru
Regular Advisor

Re: need information

Dear Hein

We have HPUX B.11.11 & HPUX B.11.23 versions
and the following patch level
swlist | grep -i patch
BUNDLE11i B.11.23.0409.3 Required Patch Bundle for HP-UX 11i v2 (B.11.23), September 2004
FEATURE11i B.11.23.0706.063 Feature Enablement Patches for HP-UX 11i v2, June 2007
HWEnable11i B.11.23.0706.064 Hardware Enablement Patches for HP-UX 11i v2, June 2007.



One more thing, I couldn't find any wu-ftpd fileset in there using this command given in the last link.
#swlist -l fileset | grep -i wu-ftp-26.inetsvcs-ftp
Hein van den Heuvel
Honored Contributor

Re: need information

This website appears to have a couple of really good overviews for FTP setups...

http://newfdawg.com/SHP-Articles.htm

Hein.