FTP Anonymous Login Account


FLYNNE

I operate a computer for a local hotel.

In the UK new regulations have been introduced with respect to hotel
security and particularly computer security.

This hotel uses a bona fide company called Security Metrics (recommended by
our local Barclays bank) which scans our computer for security vulnerabilities.

Up until the last test we have passed all previous scans.

We failed the last test in which the following comment was made :-

Security Vulnerabilities
Protocol TCP

Port 21

Program FTP

Anonymous logins are allowed on the remote FTP server. Description : This
FTP service allows anonymous logins. If you do not want to share data with
anyone you do not know, then you should deactivate the anonymous account,
since it can only cause troubles. Risk Factor: Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:p/I:N/A:N) CVE : CVE-1999-0497

Although we have Windows XP Home Edition there still appears to be an FTP
account on our system.

This problem needs to be solved (I cannot get much joy from Security
Metrics).

I eagerly await your reply
 

Paul

FLYNNE said:
I operate a computer for a local hotel.

In the UK new regulations have been introduced with respect to hotel
security and particularly computer security.

This hotel uses a bona fide company called Security Metrics (recommended by
our local Barclays bank) which scans our computer for security vulnerabilities.

Up until the last test we have passed all previous scans.

We failed the last test in which the following comment was made :-

Security Vulnerabilities
Protocol TCP

Port 21

Program FTP

Anonymous logins are allowed on the remote FTP server. Description : This
FTP service allows anonymous logins. If you do not want to share data with
anyone you do not know, then you should deactivate the anonymous account,
since it can only cause troubles. Risk Factor: Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:p/I:N/A:N) CVE : CVE-1999-0497

Although we have Windows XP Home Edition there still appears to be an FTP
account on our system.

This problem needs to be solved (I cannot get much joy from Security
Metrics).

I eagerly await your reply

I have a fresh install of WinXP Pro (SP3) here. To experiment, I went
to Add/Remove Programs and selected the Add/Remove Windows Components
options. There, I could select IIS to install (as it isn't installed
by default). I further clicked Details and added the FTP option.

After that was finished, I got a copy of TCPView from sysinternals.
Sysinternals was acquired by Microsoft, so the free programs are
downloaded from a Microsoft site.

http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

When I start the program "Tcpview.exe", it lists one entry of
interest.

Process            Type  Local Address        Remote Address     State
inetinfo.exe:3824  TCP   lazy-5900beb0c6:ftp  lazy-5900beb0c6:0  LISTENING

The ":ftp" there, means it is connected to port 21. The mapping of
names to port numbers, is here. Port 21 is ftp.

http://www.iana.org/assignments/port-numbers

If I check the properties of inetinfo.exe, the thing bound to port
21, it tells me it is part of IIS.

You could try a similar test with TCPView and see what is
binding to port 21 ("ftp").

Normally, I wouldn't have to worry about this, because the
NAT on my router prevents instant accessibility of my
currently running FTP server. I'd have to port forward
at the router if I wanted the outside world to access
it. It sounds like your computer must have a direct
connection to the Internet, because otherwise something
would have to port forward that particular port to that
particular computer.

My router has a "stealth" rating, at least as far as one of
the popular scanning web sites is concerned. I think to do
that, I had to port forward one particular port on the router,
to the bit bucket (to a non-existent local IP address). If
I were to expose port 21, by port forwarding to this computer
with its fresh copy of IIS/FTP running, then I'd lose my stealth
rating, and also incur the possibility of getting rooted for
my trouble. FTP daemons aren't known for staying secure for
very long. FTPD is either an invitation to enter, or a sign
that somebody has already made themselves comfortable on
your computer :)

I'm going to uninstall IIS now. Good luck.

Paul
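As an added example, not code from either participant in this thread: a small Python script that does the same job as reading the TCPView window by hand. It parses a TCPView listing (the inetinfo.exe row quoted above, plus constructed rows) and the equivalent output of Windows' own "netstat -ano", resolves a service name such as "ftp" to its port number, and reports which process and PID hold port 21. The short service-name table and every sample row other than the thread's own inetinfo.exe line are assumptions made for the example.

```python
import re

# Constructed sample output in TCPView's layout. The inetinfo.exe row is the one
# quoted in the thread; the svchost.exe row is made up for the example.
TCPVIEW_SAMPLE = """\
Process Type Local Address Remote Address State
inetinfo.exe:3824 TCP lazy-5900beb0c6:ftp lazy-5900beb0c6:0 LISTENING
svchost.exe:1044 TCP lazy-5900beb0c6:epmap lazy-5900beb0c6:0 LISTENING
"""

# Constructed sample output in the layout of "netstat -ano" on Windows XP.
# netstat gives the PID but not the image name; the PID can then be matched in
# Task Manager (View > Select Columns > PID) or in TCPView.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3824
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    192.168.1.5:1055       203.0.113.7:80         ESTABLISHED     2210
"""

# Minimal name-to-port table, taken from the IANA assignments the thread links to.
# TCPView shows the service name when one is registered for the port.
SERVICE_PORTS = {"ftp-data": 20, "ftp": 21, "http": 80, "epmap": 135}


def port_from(endpoint):
    """Return the numeric port of 'host:port'; 'port' may be a number or a service name."""
    _host, _sep, port = endpoint.rpartition(":")
    if port.isdigit():
        return int(port)
    return SERVICE_PORTS.get(port.lower())


def tcp_listeners_tcpview(text):
    """Parse TCPView rows into (process, pid, port) tuples for TCP sockets in LISTENING state."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        # Header and non-listening rows do not match the five-column listening shape.
        if len(parts) != 5 or parts[1] != "TCP" or parts[4] != "LISTENING":
            continue
        process, _sep, pid = parts[0].rpartition(":")  # "inetinfo.exe:3824"
        found.append((process, int(pid), port_from(parts[2])))
    return found


def tcp_listeners_netstat(text):
    """Parse 'netstat -ano' rows into (process, pid, port); process is None (netstat omits it)."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        found.append((None, int(parts[4]), port_from(parts[1])))
    return found


def who_owns_port(listeners, port):
    """Return every listener tuple bound to the given port (empty list means nothing listens)."""
    return [entry for entry in listeners if entry[2] == port]


if __name__ == "__main__":
    for name, listeners in (("TCPView", tcp_listeners_tcpview(TCPVIEW_SAMPLE)),
                            ("netstat", tcp_listeners_netstat(NETSTAT_SAMPLE))):
        owners = who_owns_port(listeners, 21)
        if owners:
            for process, pid, _port in owners:
                print(f"{name}: port 21 (ftp) is held by {process or 'PID only'} pid={pid}")
        else:
            print(f"{name}: nothing is listening on port 21")
```

On the real machine the listing comes from running TCPView or "netstat -ano" rather than the embedded samples; once the PID is known, the scanner's finding is closed by stopping and disabling whatever service that PID belongs to, and confirming that port 21 no longer appears in LISTENING state.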
 

FLYNNE

I have been informed that it is not possible to create an FTP server on my
computer which runs Windows XP3 home edition. Also IIS is not possible on
this system.
I am a little confused.
Can you comment on this please ?

Regards
 

Paul

FLYNNE said:
I have been informed that it is not possible to create an FTP server on my
computer which runs Windows XP3 home edition. Also IIS is not possible on
this system.
I am a little confused.
Can you comment on this please ?

Regards

The purpose of describing what I did was to show that TCPView
can identify what is bound to port 21. From that, you should
be able to determine what application is doing it. I picked IIS
because it has an FTP server, so I could quickly set it up.
I didn't mention IIS so you could use it. I used it as a
test case, to make sure TCPView would give a result.

So check TCPView now, and see what is binding to port 21.

Paul
 
