If you have an anonymous ftp server that can be accessed behind your
firewall, you might want to take an interest in this.
Here is some advise from Sun that I highly recommend you DO NOT DO.
If you look at the MAN page for ftpd, you will see the following
the following rules are recommended.
Make the home directory owned by ``ftp'' and unwritable
I highly recommend you change that to owned by ``root''. If anyone can log
in as ftp, there is nothing to stop them from doing SITE CHMOD 777 to the
main directory and putting .rhosts or .forward there allowing instant
With advise like that, who needs trojans?
Christopher William Klaus <cklaus @
net> <iss @
Internet Security Systems, Inc. Computer Security Consulting
2209 Summit Place Drive, Penetration Analysis of Networks
Atlanta,GA 30350-2430. (404)998-5871.