To all Coders

Any of you know a good stealth small FTP server in MASM?
No fun actions only minimum normal operations?

Thanks all and a nice day

gpsing
Posted on 2002-12-24 10:24:34 by gpsing
Why "stealth"? You wouldn't be trying to do anything illegal, would you? We're trying to keep this board 100% clean. No hacking, cracking, virii or other trash here.

I suggest you go read the rules
Posted on 2002-12-24 10:36:05 by Qweerdy

Why "stealth"? You wouldn't be trying to do anything illegal, would you? We're trying to keep this board 100% clean. No hacking, cracking, virii or other trash here.

I suggest you go read the rules


Listen dear QWEERDY

I'm a business man. 48 years old. I've with my friend a finance company in switzerland. Also Qweerdy... I'm not a hacker. We are legal and normal. Same as your self!!!

The hidden FTP server is only hidden do to 14 other peoples in my company. Thats it!!!!!!! I'm not happy when we have uploads from other peoples. Now... I think on this board are coders. We're trying also 100% legal. I hope you are happy now.

Beda Singenberger, Chairman
Sinco Trust Ltd.
Idastrasse 15
3003 Zurich
Switzerland
http://www.sincotrust.ch
Posted on 2002-12-24 12:31:44 by gpsing

Why "stealth"? You wouldn't be trying to do anything illegal, would you? We're trying to keep this board 100% clean. No hacking, cracking, virii or other trash here.

I suggest you go read the rules


Qweerdy, don't turn into bazik.
Posted on 2002-12-24 13:59:38 by comrade



Qweerdy, don't turn into bazik.


Thank you for information COMRADE. It's not required
QWEERDY have my information. I think QUEERDY has
not understand my problem. Two years we has had
a normal FTP server to transfer datas from Zurich to
Geneva and back. Within five month 2 peoples makes
illegal private transfers from Geneva to my main office
in Zurich. Today I think the best is we install a hidden
ftp server. So my companion can transfer only finance
datas to my office and all the other peoples can not
check my own FTP server and the incoming transfers
to the password protected directory to my business
partner.

I hope all can unterstand this requirement. I wish
you a nice.

Beda Singenberger
Posted on 2002-12-24 14:12:07 by gpsing
gpsing, could you perhaps use a regular ftp server, but set up password protected accounts, that should also be secure.

Don't think too badly of Qweerdy, I was supicious myself. I know you pribably felt you'd no need to explain yourself, but I thnk it was the lack info and briefness of your origional post which sparked those suspicions.

And Qweerdy, sure while Baziks gone its good to have someone taking over his job :grin: .
Posted on 2002-12-24 14:23:50 by Eóin
gpsing,

I am very sorry if I offended you. Rereading my original post, I can see how it would really piss someone off who wasn't trying to do anything wrong. Sorry for that, I guess I was in a bad mood. :o

However, I do think a certain amount of paranoia is required. There ARE people coming to this board asking about illegal things. If you had just given that little bit of background information, I would've been happy to help. I just couldn't think of any legitimate reason why anyone would want a stealth FTP server. In retrospect the friendly and correct form of your post should have led me to reply in that same way.

I hope I didn't ruin your first post too much, and I wish you a happy christmas!
Posted on 2002-12-25 03:53:06 by Qweerdy
gpsing,

Let's see if we can get an answer to your question. ;)

You presented a solution versus requirements. I believe your requirement is to securely transfer files between two locations. An important point would be how large are these files.

FTP is not usually secure since it usually transmits clear text passwords. You'd have to use a special ftp server and client that encrypted the passwords to remain secure.

Another solution is sending your data by encrypted email. PGP is a good mechanism. This is usually the best method if you want to keep it simple. However, you would have to make sure your mailboxes allowed the size limits you might require.

Or you could set up a secure web server using HTTPS.
Posted on 2002-12-25 14:29:03 by Kdr Kane
you don't need a 'hidden' ftp server (a simple port sweep will uncover it anyway). You need a better policy and start firing people.

Let your admin lock things down, control stuff and be prepared to fire people over violations. This is where you have your code of conduct of electrical appliances and internet resources for :). This could be considered Computerfraud, such things can be very serious and people should know it. Don't forget that the employer and/or owner of the FTP is responsible for all material on it and transfered by it. (so if any illegal material is on it.... )

This is a human factor problem as I read it, not a coding error.

Once someone knows the pass to your ftp server there's nothing you can do to stop them. Security through obscurity isn't secure at all.

Maybe you should look into setting up a vpn between your 2 offices. As the others said FTP is unencrypted ASCII traffic which can be a problem if you're subject to a "man in the middle" attack. Also unless you specify that anonymous people can upload (then you're to blame yourself and there's no solution to your problem), the uploaders need to get their login/password from somebody.

Good luck.
Posted on 2002-12-25 14:40:44 by Hiroshimator
Hello Qweerdy
Hello Eoin
Hello Kdr Kane

First of all. Dear Qweerdy thank you. That's NO problem!

And now to ALL. Many thanks to help. I've now a normal
FTP Server with strong password procedure. So we hope
that line remains clean to upload and download business
datas only.

Happy christmas to all and a happy new year!!!

gpsing
Posted on 2002-12-25 14:47:56 by gpsing
isn't there an encrypted (and enchanced) version of ftp? eftp or ftps or something? meh :grin:
Posted on 2002-12-25 22:53:51 by jademtech
Hmm, I could use a somewhat stealthy FTP server, one that doesn?t have any install routines, registry entries, and that can be started and stopped as needed. I need to transfer report files from an RS/6000 to my desktop and I do not want to install any type of daemon on the *inx box or install the FTP service on the Windows Servers.

The company I work for has policies that state not to run any type of server on desktop systems. Sometimes corporate polices get in the way or try to tie the hands of IT people but I?ve always been one to take shortcuts as long as there safe. For now I install a FTP server use it and uninstall when I?m finished transferring. :tongue:

I was hoping to find source here but it would be more fun to program it myself. All I need is to accept incoming connections and receive the files. Easier said than done since I haven?t any experience with sockets but it?s all about learning.
Posted on 2002-12-26 00:52:42 by mcderek7
jademtech: yes. eftp at http://www.eftp.org

but I don't think that's useable with normal ftp clients nor is it out of beta stage.

It's also a bit pass? in a sense. If a VPN is set up between those 2 offices then they could use it as if they where sharing files with an office computer in the next desk all secure and encrypted over the plain internet. Less hassle I think.
Posted on 2002-12-26 08:19:08 by Hiroshimator



Qweerdy, don't turn into bazik.


Heh :grin:
Posted on 2002-12-29 19:35:45 by bazik
Most of the time the people that use your FTP for illegal purposes are using so called scanners that scan large ip ranges along the port 21. A easy solution for you would be to open a much higher port or use say another common service one like 23 :P.
Also look into SSL with ftp as this can be much more secure
Posted on 2003-01-02 00:06:40 by Uradox