• Subject: Re: FTP - Security & audit
  • From: John Earl <johnearl@xxxxxxxxxxxxxxx>
  • Date: Thu, 21 Dec 2000 09:51:50 -0800
  • Organization: The PowerTech Group

Ben,

Ben Akiba wrote:

> OK, security gurus, here is a situation:
>
> FTP client on PC, FTP server AS/400, boxes A and B, V4R5. Put a file
> from PC to A, put a file from PC to B. Files overwritten.
>
> QAUDJRN on A contains entry type SK (Secure Sockets connection) with PC
> internet address and AS internet address, then SP (Swap profile) showing
> swap between MyUserId and QTCP, and finally 4 entries showing that file
> was cleared and written into (file is under OBJAUD *CHANGE).
>
> QAUDJRN on B contains everything except first entry (SK with address of
> client requesting transfer).
>
> Client and servers are on the same (fairly complex) network, and routes
> are not necessarily the same (actually boxes A and B don't "see" each
> other). No exit programs so far, but working on it.
>
> Question: what is different in set up, so auditing of Box B doesn't
> reveal requester's address. I guess, it might have something to do with
> SSL, but I didn't notice ports (443?), other than "FTP - well known" on
> box A. Any ideas? Solutions?

The SK audit entry indicates an SSL connection, but OS/400 V4R5 does not support
SSL for FTP.  I'd bet that the SK entry is unrelated to the FTP operation.  To
find out for sure, take a look at the job that created the SK entry.  If the job
is named QTFTPnnnnn, then you've got a real interesting phenomenon.  I'd bet it's
not.



> Bonus question:
> Completely unrelated, what would be a typical server command for the FTP
> SERVER running on the PC, so that I can run command on PC from FTP
> client on AS? (Once again, don't confuse this problem with previous one,
> this is totally opposite situation)

You have to have an FTP server on the PC, and though every copy of Windows ships
with an FTP client, FTP servers are a different animal.  I've used the WAR FTP
server ( http://www.jgaa.com/tftpd.htm --- and make sure you get at least version
1.7.1 ), but there are a number of them out there and I don't have enough
personal experience with them to endorse any one over the other.

jte


--
John Earl                    johnearl@400security.com
The PowerTech Group      --> new number --> 253-872-7788
PowerLock Network Security   www.400security.com
--


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
