RFC 2577 on FTP Security Considerations

RFC Editor <rfc-ed@ISI.EDU> Wed, 12 May 1999 16:55 UTC

To: IETF-Announce:;
Subject: RFC 2577 on FTP Security Considerations
Cc: rfc-ed@ISI.EDU
Date: Wed, 12 May 1999 09:13:25 -0700
From: RFC Editor <rfc-ed@ISI.EDU>

A new Request for Comments is now available in online RFC libraries.


        RFC 2577:

        Title:      FTP Security Considerations
        Author(s):  M. Allman, S. Ostermann
        Status:     Informational
        Date:       May 1999
        Mailbox:    mallman@grc.nasa.gov, ostermann@cs.ohiou.edu
        Pages:      8
        Characters: 17870
        Updates/Obsoletes/See Also: None
        I-D Tag:    draft-ietf-ftpext-sec-consider-02.txt

        URL:        ftp://ftp.isi.edu/in-notes/rfc2577.txt

The specification for the File Transfer Protocol (FTP) contains a
number of mechanisms that can be used to compromise network security.
The FTP specification allows a client to instruct a server to transfer
files to a third machine.  This third-party mechanism, known as proxy
FTP, causes a well known security problem.  The FTP specification also
allows an unlimited number of attempts at entering a user's password.
This allows brute force "password guessing" attacks.  This document
provides suggestions for system administrators and those implementing
FTP servers that will decrease the security problems associated with
FTP.

This document is a product of the Extensions to FTP Working Group of
the IETF.

This memo provides information for the Internet community.  It does
not specify an Internet standard of any kind.  Distribution of this
memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds and Alegre Ramos
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.
<ftp://ftp.isi.edu/in-notes/rfc2577.txt>
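
As an added illustration of the two problems the abstract names (this code is not part of the announcement and is not taken from RFC 2577): a server-side check that refuses a PORT request aimed at a third machine or at a low-numbered port, and a counter that closes the control connection after repeated wrong passwords. The function and class names, the limit of 5 attempts, the 1024 port cutoff and the sample addresses are assumptions made for this example.

```python
import ipaddress

MAX_FAILED_LOGINS = 5   # assumed limit for this example
MIN_DATA_PORT = 1024    # assumed cutoff: refuse well-known service ports


def parse_port_arg(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_port_command(arg, control_peer):
    """Return (reply_code, reason) for a PORT request received from control_peer."""
    try:
        host, port = parse_port_arg(arg)
    except ValueError:
        return 501, "syntax error in PORT argument"
    if host != ipaddress.IPv4Address(control_peer):
        # Proxy FTP: the data connection would go to a third machine.
        return 504, "third-party transfer refused"
    if port < MIN_DATA_PORT:
        return 504, "data connection to a low-numbered port refused"
    return 200, "PORT accepted"


class LoginGuard:
    """Counts failed PASS attempts on one control connection."""

    def __init__(self, limit=MAX_FAILED_LOGINS):
        self.limit = limit
        self.failures = 0

    def record(self, success):
        """Return 230 on success, 530 if a retry is allowed, 421 to close the connection."""
        if success:
            self.failures = 0
            return 230
        self.failures += 1
        return 421 if self.failures >= self.limit else 530


if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed sample: address of the control connection
    for arg in ("192,0,2,10,19,137", "198,51,100,7,0,25", "192,0,2,10,0,25"):
        print(arg, "->", check_port_command(arg, peer))
```
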