Here is a bug I found in the NT 3.51 FTP server......I would be
careful with the FTP server.
It seems that the FTP Server user authentication does not follow the
same rules as other NT user authentications...If you have have
intruder detection set for your system, the FTP server seems to ignore
it. Try this:
1. With the NT User Manager tool enable intruder detection and set
your intruder detection to 3 trys, with a really long lockout period.
2. Pick a userid (administrator will do -- just remember that you are
going to lock this account out for a while!) and try to log into FTP
with invalid passwords at least 4-5 times
4. Check the userid with the User Manager tool.....it should be locked
3. Try an FTP logon again with the correct password....and it will let
you in....even though the User Manager tool says it's locked out!!!
(I tested this in NT3.51 workstation -- will try 4.0b next to see if
it was fixed)
I would be careful with the NT FTP server --- No lockout means
someone can try as many times as they like to break your passwords. I
wonder what else is broken???
This was mentioned a few days ago, but also keep in mind that NT uses
the local user database for authentication, so will allow the 'Guest'
user to log-in even if you have FTP guest access disabled (two
different guest users with very different access rights.) -- By
default NT creates a 'Guest' user, and does not assign a password!
The default NT 'Guest' user will get almost full filesystem
rights....This means no CHROOT from FTP! I recommend disabling the NT
'Guest' account..or least assigning it a good password and limiting
filesystem access. (remember....no intruder detection & stupid
password=easy find with password scanner, and they can delete most of
your hard-drive with the default permissions!)
Like someone said -- C2 is meaningless on a network!
All for now,