mapping FTP site as local drive


 
Thread Tools Search this Thread
Special Forums Windows & DOS: Issues & Discussions mapping FTP site as local drive
# 8  
Old 10-24-2002
Quote:
Originally posted by cerberusofhate
First of all, I was not even expecting a correct answer, so its not that im pist off because no one was able to give it to me, i got pist off because I specified that SMB was not a solution, and I got a SMB answer.
Wah.

I'll be happy to refund your money.

For some reason, I thought you wanted to share the Win98 via the FTP server.

Quote:
God only knows how many abbreviations of FTP I could think of. I may just have to live (or rather, the user will have to live) with having a shortcut instead of a mapped drive, or just install win2k (which supports FTP-mapped drives). I've heard of it being done, but like so many MS-related stuff, it takes a win32 kernel hacker to find out how to do it, which I definetely am not.
I found a product on-line that does exactly what you are wanting to do, although it $29.95 per copy. I loaded a demo copy on my box and sure enough, it worked. Never thought of that before.

But my question is this: If the network is so secure, why use a protocol that sends the password in clear text? I assume that you are using a dummy account that is limited to only the FTP sub-dir only.

Have a good 'un.
# 9  
Old 10-24-2002
smbd/nmbd take, from experience, very little resource on the machine.

And "0-day" exploits is a weak excuse not to use specific software - that type of threat can affect any piece of software ever created... If you're so worried about 0-day security holes, don't let strangers on your damn network!

Search for ftp exploits, then for Samba-specific exploits - see which you find more of... Cripes, wu-ftpd is the cause of half of them, but nearly all implementations have had problems at one point of another.
# 10  
Old 10-25-2002
Quote:
Originally posted by LivinFree
smbd/nmbd take, from experience, very little resource on the machine.

And "0-day" exploits is a weak excuse not to use specific software - that type of threat can affect any piece of software ever created... If you're so worried about 0-day security holes, don't let strangers on your damn network!

Search for ftp exploits, then for Samba-specific exploits - see which you find more of... Cripes, wu-ftpd is the cause of half of them, but nearly all implementations have had problems at one point of another.
First of all, I would never use wu-ftpd, only half-witted morons use that daemon, I use Pro-FTPD. Secondly, like I said this is a high risk network, but the information being copied to the FTP server and forth is encrypted (encrypted before being sent, and after), so it doesn't matter if they can get the passwords (which would require rooting one of the servers, which is damn near impossible). Thirdly, not letting users on the network is not an option, thats plain and simple. Fourthly, Samba is still in its infant stage in my opinion, it has had nowhere as many code audits as Apache or Pro-FTPD. I don't trust it. For those of you that would just tell me to shut the hell up about the users/security, I can't take the risk with this kind of data being transferred. I can't say what it is, but I can assure you that its important enough to encrypt it on the server, and store all decryption keys on cd-rws. I forgot to mention though, sniffing is impossible because the network is switched. In order to sniff the passwords, they would already have to have root on the FTP server, which is redundant as hell, because then they could just copy the damn files. And finally, you are correct, 0-day exploits happen all the time. Thus, running less services lessens the propability that there will be a 0-day exploit for the few services that we do run, in which one or more hosts will be comprimised before a patch is available. Its all about statistics, and thats how I sleep at night. Oh yeah, commercial solutions are unacceptable, looks like the user is just going to have to deal with copying the files manually.
cerberusofhate
# 11  
Old 10-25-2002
Quote:
Originally posted by cerberusofhate

and store all decryption keys on cd-rws. I forgot to mention though, sniffing is impossible because the network is switched. In order to sniff the passwords, they would already have to have root on the FTP server, which is redundant as hell, because then they could just copy the damn files. And
I call BS.

I have monitored traffic on a switched network by unplugging RJ45 and re-connecting into a hub and connecting hub to switch between two networks to monitor port usage. It is NOT impossible. Users could also get access to a mirrored port on the switch.

Quote:

don't trust it. For those of you that would just tell me to shut the hell up about the users/security, I can't take the risk with this kind of data being transferred. I can't say what it is, but I can assure you that its important enough to encrypt it on the server,
Then why use a protocol that sends passwords as cleartext to transfer data that is this important? Why not use scp or sftp? Is this FTP server accesable from the outside world? If so, what's to keep Ivan from sniffing out the cleartext from the outside?

But my real question is this: What is Win98 doing on a high-risk network? Isn't that a high-risk to begin with?

What's the stat? 80% of hacks come from inside the network with employees?
# 12  
Old 10-25-2002
Again, don't delude yourself, ProFtpd has it's share of holes as well. Only half-witted morons would place FTP in the middle of a couple of "non-rootable" super-dooper-secure boxes... I'm assuming it's running chroot()'d, but there's still problems with that.

And it is possible to sniff a switched network. It's called ARP cache poisoning, and if done correctly, you'll have no idea it's happening - until it's too late, of course.

And now you have a quick FTP server that's "redundant as hell", but originally it was "barely able to handle FTP"...

I think you're jerkin us around...
# 13  
Old 10-26-2002
Quote:
Originally posted by auswipe


I call BS.

I have monitored traffic on a switched network by unplugging RJ45 and re-connecting into a hub and connecting hub to switch between two networks to monitor port usage. It is NOT impossible. Users could also get access to a mirrored port on the switch.



Then why use a protocol that sends passwords as cleartext to transfer data that is this important? Why not use scp or sftp? Is this FTP server accesable from the outside world? If so, what's to keep Ivan from sniffing out the cleartext from the outside?

But my real question is this: What is Win98 doing on a high-risk network? Isn't that a high-risk to begin with?

What's the stat? 80% of hacks come from inside the network with employees?


Physical access, while not impossible, would first result in loss of life first, or at least someone pointing a gun at my head. All cables, etc are within two rooms, one of them is deadbolted with a door lock (where I am), the other is in another room, where 1 cable leads to the server room. Explain to me how an employee is supposed to hook up a hub in there without my knowledge. Lets get realistic here. Also, the employees are all on the outside, with the exception of ONE employee, who is on the inside, and who knows less about hacking than your average brain-dead script kiddie. There are no mirrored ports on the switch. Yes, the FTP server is inaccessable from the outside, all employees use sftp from outside connections. The win98 machine is not a security threat, as it is behind a firewall, and on top of that, with iptables rules, no server or workstation can communicate to the Win98 machine. Thus, the win98 machine could even be unpatched for all I care. My main concern was the FTP server. Again, employees are not the risk here, as I am the only person with physical access to the switch, and the other person here is a brain-dead moron when it comes to anything other than how to scedule dates on their palm pilot, and to take telephone calls.


However, to humor you, if someone can get into the lightly secured office without my knowledge, and set up a hub in there also, what the hell is to stop them from just taking a gun and shooting the lock (or for the more dramatic, blowing a hole in the wall)? And if, *IF* there were more users, and say perhaps a hub or two, you would be damn sure that I would be setting the 98 machine up on the same switch as the FTP server, located in the server room. I may be paranoid, but to think that an employee who has U.S. government level security clearance would risk their job, their liberty, and their asses to own a win98 machine, or to steal their password, or to even root one of the Linux servers, that is going a bit far. I would consider the risk if it was civilians with nothing to lose, and we didnt prosecute, but our employees know better, with the type of info that we deal with.


As for the insecure win98 machine, yet again, it has *NO* ports open, so how the hell is someone going to cause a buffer overflow on a machine with no open ports. TCP/IP attacks, maybe, but like I said, the only system that can communicate with the 98 box is the FTP server. Not even the proxy is allowed to communicate to the win98 machine, as they have no need for surfing the net and what-not.

Last edited by cerberusofhate; 10-26-2002 at 05:54 AM..
cerberusofhate
# 14  
Old 10-27-2002
Quote:
Originally posted by cerberusofhate

Physical access, while not impossible, would first result in loss of
My argument stands firm. You just confirmed that it is not impossible, even though highly improbable.

Quote:

the server room. I may be paranoid, but to think that an employee who has U.S. government level security clearance would risk their job, their liberty, and their asses to own a win98 machine, or to steal their password, or to even root one of the Linux servers, that is going a bit far. I would consider the risk if it was civilians with nothing to lose, and we didnt prosecute, but our employees know better, with the type of info that we deal with.
Why did John Walker turn over comm codes to Ivan? He passed the same background check that I did, and he wasn't a civilian at the time.

Quote:

As for the insecure win98 machine, yet again, it has *NO* ports open, so how the hell is someone going to cause a buffer overflow on a machine with no open ports. TCP/IP attacks, maybe, but like I said, the only system that can communicate with the 98 box is the FTP server. Not even the proxy is allowed to communicate to the win98 machine, as they have no need for surfing the net and what-not.
So you have a Windows 98 machine whose only purprose in life is to contact a FTP server. Just out of curiosity, why isn't Win2000 an option?
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Mapping drive

please forgive me. i know this is unix forum. CIFS can map to shared windows folder. i just wonder if windows can map to unix shared folder. if yes, please enlight me... (5 Replies)
Discussion started by: lawsongeek
5 Replies

2. UNIX for Dummies Questions & Answers

Execution of local commands for remote site.

Hi all, I have a problem with ftp execution within unix environment. I'd like to get files on remote and delete them later, but here is too crowd so I can accidentally delete some files. Can I delete only the files I can get to the local folder? I can ask this question with a different... (14 Replies)
Discussion started by: attillam
14 Replies

3. Debian

How to install package from local hard drive?

Hello, I want to install a .deb package which I already have on the hard drive. I have tried to edit /etc/apt/sources.list to point to the file but apt-get says it can't find it. The package is not in the Debian repository. Debian 6.0 (3 Replies)
Discussion started by: snorkack59
3 Replies

4. Red Hat

drive mapping

What is the eqiuvalent of /dev/dsk/rdsk in linux vs Solaris (1 Reply)
Discussion started by: walnutpony123
1 Replies

5. HP-UX

configuring site-local IPv6 address

How do I configure site-local IPv6 address in HP-UX box? I can get link local IPv6 address automatically when I put IPv6 up. aps39-88-root# ifconfig lan0 inet6 up (0 Replies)
Discussion started by: kirtikjr
0 Replies

6. AIX

Do I need to configure my local windows to FTP files from local windows to a UNIX AIX server?

Hi Friends, I have this script for ftping files from AIX server to local windows xp. #!/bin/sh HOST='localsystem.net' USER='myid_onlocal' PASSWD='mypwd_onlocal' FILE='file.txt' ##This is a file on server(AIX) ftp -n $HOST <<END_SCRIPT quote USER $USER quote PASS $PASSWD put $FILE... (1 Reply)
Discussion started by: rajsharma
1 Replies

7. Web Development

Creating a blog site on a local computer

Hello! I would like to create a blog website on a web domain of mine. The blog will be used for publishing economics-lated articles. I tried to use a few open source packages for blog creation (WorldPress, b2evolution, Movable type) which I wanted to test on a local computer before arranging... (5 Replies)
Discussion started by: degoor
5 Replies

8. Shell Programming and Scripting

Creating a text file in Local Drive

Hi All, I am new in Shell Script. I have a ksh script running in the Unix Server and basically in that script I need to create a text file but the text file has to be generated in the local PC (the user computer such as in C:\ drive). I have no idea on how to do it and I need it pretty urgently.... (2 Replies)
Discussion started by: yramli
2 Replies

9. Solaris

OpenSolaris 2008.11 Hard Drive Device mapping

Dear Solaris Experts, I am a bit confused about OpenSolaris Hard Drive device mapping. On RedHat Linux based system, an IDE on first channel master drive is mapped as /dev/hda, first channel slave drive will be /dev/hdb, etc. For (Open)Solaris systems I found it as /dev/rdsk/c3d0p0 : ... (0 Replies)
Discussion started by: Zepiroth
0 Replies

10. UNIX for Advanced & Expert Users

percentage sign in a drive mapping ?

Good day all, I'm hoping someone can help me understand what the percentage sign is and does in mapping a drive to a server ? I provided the example for you. (ie \\server1\share%simon) thanks simon2000 (2 Replies)
Discussion started by: simon2000
2 Replies
Login or Register to Ask a Question