OK, don't know if any of you use this, but I run an FTP server on my home machine, basically just using the in-built software which is included with Windows 2000, XP, etc... both on workstation and server versions.

Anyway, I use this to upload and download files to and from work. I have also made virtual directories for certain friends so that they can download files I make available for them such as up-to-date TV episodes I get from IRC, and so forth.

But there is a problem: My username and password are sent in unencrypted ASCII when I authenticate, and anyone in the path between my machine and the machine I am connecting from (i.e. anyone of the hosts you see listed when you do a traceroute) can see this information if they use some kind of network packet analyser software like Network monitor.

This is potentially bad news but not so bad, since there's probably only certain fairly safe stuff between myself (NTL user) and the client machines (mostly in the university where I work) but I still don't like the idea of it.

And there is another problem: ANYONE ELSE out there on the Internet can connect, or at least try to, leaving my FTP server open to some form of BRUTE FORCE attack from outsiders.... OBVIOUSLY I HAVE DISABLED ANONYMOUS CONNECTIONS but that doesn't stop some machines out there trying to connect anyway or try to guess what accounts DO have access....

NOW, I could use some more encrypted and safe means of connection, such as open SSH ( www.openssh.com ) but let's assume for the moment that I want to stick with FTP....

Well, what I discovered that you could do is grant or deny connections based on IP address, and that this could also apply to a range of addresses as well. Here is where its hiding:




I had to firstly add my own IP address as a single host, and then added ranges of addresses because I wanted to be able to connect from any machine on certain networks at work. So for those, instead of entering the IP address of the host, I entered the broadcast address and subnet mask of the network. This is pretty simple to work out if you know a little about subnetting and can do a few binary calculations.

I've airbrushed this information away as I'm not too keen to broadcast this information, but its simple to get from your work or at home by looking at your tcp/ip settings with the ipconfig /all command in a command prompt.

I would add that I had to restart the FTP publishing service for this to take effect....

And, obviously, if you want a friend to be able to connect to your FTP server you will have to get their IP address and add it to the list of allowed connections.

Now there's no more hacker war ftp accesses from machines all over the net trying to hack into me to upload warez onto my machine or something.....

Good luck trying it, post back if you have any questions.

I haven't really benchmarked others in comparison, but you install the one in XP with the following:

Add remove programs - add remove windows components - internet information services - click details - select ftp server, next, next, etc, etc....

Its fairly simplistic in terms of what you can do, but most folks will not want some of the more advanced features of other FTP clients (such as the ability of users to accumulate points in return for uploads, which they may exchange for downloads, etc). The tools for configuration of the built in FTP server are very useful and simple, and one should have no problem setting up a server, a root, virtual directories, etc.... post back with any questions.

If your existing FTP server is worth a damn, it will allow you to only have folks on the campus and others that you specify to be able to connection.

The last thing you want is someone to hack your FTP server and start uploading kiddie porns, warez, etc....

I never knew either but that's what im going to install the second i get home. Also, i need to learn how to allow only certain ip addresses. I have a DLink Wireless Router now so if anyone knows how to do it on a wireless router post here. Thanks!

I'm not familiar with your router but the Microsoft FTP server can exclude IPs in much the same way that it can grant them....

Now access attempts that did not get through are logged in event viewer....

Even just tonight, 3 folks have attempted to connect to my machine's ftp. Hehehe, hard luck suckers....

One from belguim. One from France. Once from Taiwan. All over the world, people are trying to crack into your machine all the time as soon as you get 24/7 broadband...

I'll be back with more security enhancing tips as soon as I get them....

You install it from add/remove programs, windows components, internet information services....

You configure it via Internet Services Manager in administrative tools.

To set up directories for users (virtual directories), then right click and select new virtual directory. Make the user an account on your machine first. Give their virtual dir the same name as their account. Its best to create the dir on an NTFS partition so that you can set permissions on it. Just play with it, its easy to use and you will get the hang on it soon....

yes its hackable... but then ALL computer systems are hackable unless they have no access to anything....

you can't like hack into the fbi's computer system over the internet because, quite simply, its not connected to the internet.

but anyway, i digress...

yes its hackable, so yes you should keep your system up to date with patches, fixes, following security guides, etc. But the same is true of any system.

Just because something is Microsoft does not make it easy to hack and just because something is not Microsoft does not make it unbreakable. There's ways into everything but if you follow some fairly simple info and keep your wits about you and stay informed then hopefully this will never happen to you.

This DID happen to me, but I was unlucky and did not take enough precautions.

When I check event viewer now, I find that about 5 people try to hack my ftp every day. There's nothing you can do to stop them trying, but you can take precautions so that its much much harder for them to do so...