RFC 2577 on FTP Security Considerations
RFC Editor <rfc-ed@ISI.EDU> Wed, 12 May 1999 16:55 UTC
Received: by ietf.org (8.9.1a/8.9.1a) id MAA02789 for ietf-123-outbound.10@ietf.org; Wed, 12 May 1999 12:55:03 -0400 (EDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA00540 for <all-ietf@ietf.org>; Wed, 12 May 1999 12:13:24 -0400 (EDT)
Received: from ISI.EDU (jet.isi.edu [128.9.160.87]) by boreas.isi.edu (8.8.7/8.8.6) with ESMTP id JAA15277; Wed, 12 May 1999 09:13:25 -0700 (PDT)
Message-Id: <199905121613.JAA15277@boreas.isi.edu>
To: IETF-Announce:;
Subject: RFC 2577 on FTP Security Considerations
Cc: rfc-ed@ISI.EDU
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
Date: Wed, 12 May 1999 09:13:25 -0700
From: RFC Editor <rfc-ed@ISI.EDU>
A new Request for Comments is now available in online RFC libraries. RFC 2577: Title: FTP Security Considerations Author(s): M. Allman, S. Ostermann Status: Informational Date: May 1999 Mailbox: mallman@grc.nasa.gov, ostermann@cs.ohiou.edu Pages: 8 Characters: 17870 Updates/Obsoletes/See Also: None I-D Tag: draft-ietf-ftpext-sec-consider-02.txt URL: ftp://ftp.isi.edu/in-notes/rfc2577.txt The specification for the File Transfer Protocol (FTP) contains a number of mechanisms that can be used to compromise network security. The FTP specification allows a client to instruct a server to transfer files to a third machine. This third-party mechanism, known as proxy FTP, causes a well known security problem. The FTP specification also allows an unlimited number of attempts at entering a user's password. This allows brute force "password guessing" attacks. This document provides suggestions for system administrators and those implementing FTP servers that will decrease the security problems associated with FTP. This document is a product of the Extensions to FTP Working Group of the IETF. This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to IETF-REQUEST@IETF.ORG. Requests to be added to or deleted from the RFC-DIST distribution list should be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG. Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body help: ways_to_get_rfcs. For example: To: rfc-info@RFC-EDITOR.ORG Subject: getting rfcs help: ways_to_get_rfcs Requests for special distribution should be addressed to either the author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.echo Submissions for Requests for Comments should be sent to RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC Authors, for further information. Joyce K. Reynolds and Alegre Ramos USC/Information Sciences Institute ... Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the ASCII version of the RFCs.
- RFC 2577 on FTP Security Considerations RFC Editor