Board index Linux development

anonymous ftp reveals true user identity?!

anonymous ftp reveals true user identity?!

Post by Oliver Wenisc » Fri, 06 Jul 2001 03:24:40



I have just been taken by surprise of the following:

Logging in by anonymous ftp (from the SuSE 7.1 distribution) onto, e.g.
ftp.alsa-project.org,


I am greeted with

"    Advanced Linux Sound Architecture FTP archive -
FTP.ALSA-PROJECT.ORG
    ********************************************************************

 Welcome owenisch at
soma.t30.physik.tu-muenchen.de.                           <<<<<<<
 You are 12th (max 100) archive user in your class at the moment.
 Your data-transfer rate has no limitations.
 Server is running on an AMD K6-II/200 system.
 Operating system is SuSE Linux 6.3.
  ..."

So how could the ftp server of ALSA get hold of my local username (line
marked by <<<<<)
even if I explicitely wanted to login anonymously?!
Anyone with an idea?

Oliver

 
 
 
Top

anonymous ftp reveals true user identity?!

Post by Lew Pitch » Fri, 06 Jul 2001 03:32:53


On Wed, 04 Jul 2001 20:24:40 +0200, Oliver Wenisch


>I have just been taken by surprise of the following:

>Logging in by anonymous ftp (from the SuSE 7.1 distribution) onto, e.g.
>ftp.alsa-project.org,


>So how could the ftp server of ALSA get hold of my local username (line
>marked by <<<<<)
>even if I explicitely wanted to login anonymously?!
>Anyone with an idea?

It is the custom with anonymous ftp that the FTP userid used is
'anonymous' and the corresponding password is your full email address.
Some FTP servers perform ident calls to ensure that the email address
you give as a password matches a real user. It looks like your FTP
client has been configured to automatically send your email address
when performing an anonymous FTP login.

Lew Pitcher, Information Technology Consultant, Toronto Dominion Bank Financial Group

(Opinions expressed are my own, not my employer's.)

 
 
 
Top

anonymous ftp reveals true user identity?!

Post by Moritz Franosc » Fri, 06 Jul 2001 04:00:04


Quote:> It looks like your FTP
> client has been configured to automatically send your email address
> when performing an anonymous FTP login.


prompted, I get this:


Connected to alsa.jcu.cz.
220 ProFTPD 1.2.0pre9 Server (ftp.alsa-project.org) [alsa.alsa-project.org]
Name (ftp.alsa-project.org:jfranosc): anonymous
331 Anonymous login ok, send your complete e-mail address as password.
Password:
230-
    Advanced Linux Sound Architecture FTP archive - FTP.ALSA-PROJECT.ORG
    ********************************************************************

 Welcome jfranosc at amok.t30.physik.tu-muenchen.de.
 You are 3th (max 100) archive user in your class at the moment.
 Your data-transfer rate has no limitations.
 Server is running on an AMD K6-II/200 system.
 Operating system is SuSE Linux 6.3.

 Local time is Wed Jul  4 20:54:32 2001.


230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.

Why should ftp prompt for a password if it sends the e-mail address
anyway?

Also, if I use ncftp, it also sends my user name:




ncftp> open ftp.alsa-project.org
Connecting to 160.217.1.49...
ProFTPD 1.2.0pre9 Server (ftp.alsa-project.org) [alsa.alsa-project.org]
Logging in...

    Advanced Linux Sound Architecture FTP archive - FTP.ALSA-PROJECT.ORG
    ********************************************************************

 Welcome jfranosc at amok.t30.physik.tu-muenchen.de.
 You are 11th (max 100) archive user in your class at the moment.
 Your data-transfer rate has no limitations.
 Server is running on an AMD K6-II/200 system.
 Operating system is SuSE Linux 6.3.

 Local time is Wed Jul  4 20:58:42 2001.


Anonymous access granted, restrictions apply.
Logged in to ftp.alsa-project.org.  

Moritz

 
 
 
Top

anonymous ftp reveals true user identity?!

Post by Moritz Franosc » Fri, 06 Jul 2001 04:05:24


It's the same with telnet:


Trying 160.217.1.49...
Connected to ftp.alsa-project.org.
Escape character is '^]'.
220 ProFTPD 1.2.0pre9 Server (ftp.alsa-project.org) [alsa.alsa-project.org]
anonymous
500 ANONYMOUS not understood.
help
214-The following commands are recognized (* =>'s unimplemented).
 USER    PASS    ACCT*   CWD     XCWD    CDUP    XCUP    SMNT*
 QUIT    REIN*   PORT    PASV    TYPE    STRU*   MODE*   RETR
 STOR    STOU*   APPE    ALLO*   REST    RNFR    RNTO    ABOR
 DELE    MDTM    RMD     XRMD    MKD     XMKD    PWD     XPWD
 SIZE    LIST    NLST    SITE    SYST    STAT    HELP    NOOP

USER anonymous
331 Anonymous login ok, send your complete e-mail address as password.

230-
    Advanced Linux Sound Architecture FTP archive - FTP.ALSA-PROJECT.ORG
    ********************************************************************

 Welcome jfranosc at amok.t30.physik.tu-muenchen.de.
 You are 12th (max 100) archive user in your class at the moment.
 Your data-transfer rate has no limitations.
 Server is running on an AMD K6-II/200 system.
 Operating system is SuSE Linux 6.3.

 Local time is Wed Jul  4 21:03:14 2001.


230 Anonymous access granted, restrictions apply.

Moritz

 
 
 
Top

anonymous ftp reveals true user identity?!

Post by Gordon Olive » Fri, 06 Jul 2001 04:28:04




> It's the same with telnet:

It is _not_ the password that you send, but rather identd telling the
world who you are... If you want to see it in action, run tcpdump,
showing all traffic to and from the given host. You will see a query to
identd. (note that you probably need to be superuser to do this, and you
need to have tcpdump installed)

also try: "man identd"

        -gordo

 
 
 
Top

anonymous ftp reveals true user identity?!

Post by Dave Pla » Fri, 06 Jul 2001 05:15:20


>> It looks like your FTP
>> client has been configured to automatically send your email address
>> when performing an anonymous FTP login.


>prompted, I get this:


>Connected to alsa.jcu.cz.
>220 ProFTPD 1.2.0pre9 Server (ftp.alsa-project.org) [alsa.alsa-project.org]
>Name (ftp.alsa-project.org:jfranosc): anonymous
>331 Anonymous login ok, send your complete e-mail address as password.
>Password:
>230-
>    Advanced Linux Sound Architecture FTP archive - FTP.ALSA-PROJECT.ORG
>    ********************************************************************

> Welcome jfranosc at amok.t30.physik.tu-muenchen.de.

Odds are, your host system is running the "ident" daemon.  When you
make a connection to the FTP server, the FTP server notes the fact
that your inbound TCP connection originated on (e.g.) port 5433 on host
amok.t30.physik.tu-muenchen.de, contacts your host's ident server on
port 113, and asks (in effect) "Hey, who is using port 5433?".  Your
host's ident server quite politely sends back your username.

If you don't want this to happen, disable the ident service in your
/etc/inetd.conf and restart the inet daemon.

--

Visit the Jade Warrior home page:  http://www.radagast.org/jade-warrior/
  I do _not_ wish to receive unsolicited commercial email, and I will
     boycott any company which has the gall to send me such ads!

 
 
 
Top

anonymous ftp reveals true user identity?!

Post by Grant Edwar » Fri, 06 Jul 2001 08:59:17



>I have just been taken by surprise of the following:

>Logging in by anonymous ftp (from the SuSE 7.1 distribution) onto, e.g.
>ftp.alsa-project.org,


>I am greeted with

>"    Advanced Linux Sound Architecture FTP archive -
>FTP.ALSA-PROJECT.ORG
>    ********************************************************************

> Welcome owenisch at
>soma.t30.physik.tu-muenchen.de.                           <<<<<<<
> You are 12th (max 100) archive user in your class at the moment.
> Your data-transfer rate has no limitations.
> Server is running on an AMD K6-II/200 system.
> Operating system is SuSE Linux 6.3.
>  ..."

>So how could the ftp server of ALSA get hold of my local username (line
>marked by <<<<<)

The machine name is easy enough with a reverse DNS lookup.  The
username probably came from identd.  I'm guessing you've got
way too many services enabled and ports open on your machine.

--
Grant Edwards                   grante             Yow!  LOOK!! Sullen
                                  at               American *s wearing
                               visi.com            MADRAS shorts and "Flock of
                                                   Seagulls" HAIRCUTS!

 
 
 
Top

anonymous ftp reveals true user identity?!

Post by Villy Kru » Fri, 06 Jul 2001 15:38:21


On Wed, 04 Jul 2001 20:24:40 +0200,

Quote:

>So how could the ftp server of ALSA get hold of my local username (line
>marked by <<<<<)
>even if I explicitely wanted to login anonymously?!
>Anyone with an idea?

Anonymous login does not mean you should be anonymous.  It means you
can use the server without having an account.  It is just common
curtesy to say who you are when you visit the site.  You should also
assume that the names of the files you might retreive will be logged.

Villy

 
 
 
Top

anonymous ftp reveals true user identity?!

Post by Moritz Franosc » Sat, 07 Jul 2001 04:15:28


Quote:> It is _not_ the password that you send, but rather identd telling the
> world who you are...

Right, we have identd enabled, I think it's default with SuSE Linux
7.1.

Can anything break if identd is disabled?

Moritz

 
 
 
Top

1. Flatfishes *true* identity revealed at last!

Its true, and his name is ...

           24.187.184.105: Forte Agent 1.8/32.553

Lets use this to describe the troll otherwise known as:-

"Steve,Mike,Heather,Simon,teknite,keymaster,keys88,Sewer Rat,
S,Sponge,Sarek,piddy,McSwain,pickle_pete,Ishmeal_hafizi,Amy,



?

--
* OSS is long-term credible ... FUD tactics can not be used to combat it.
  Free Micro Burner http://w3w.arafuraconnect.com.au/~tp/burn.html          
     ** Registration Number: 103931,  http://counter.li.org **

2. net help!!

3. How to create a ftp user such as FTP/anonymous???

4. help with network setup on intranet with routers...please

5. Fake root for ftp-user other than "ftp/anonymous"?

6. kppp helper daemon

7. how to set a anonymous ftp but user ftp have unique passwd

8. Help ! Telnet takes forever !

9. user ftp like anonymous ftp

10. (SUMMARY) Fake root for ftp-user other than "ftp/anonymous"?

11. identity of ftp/http users

12. Can I hide my true identity using Pnews?

13. Bill Gates true identity


All times are UTC
Board index