
Re: [cobalt-users] Backup Solution using FTP to Other Server



Brian Kane wrote:
 
> Here's how we automatically back up our RAQ2 via FTP using the publicly available FTPBACKUP software (ftpbackup-2.1).

why anonymous ftp? is that server configured to allow anonymous upload,
BUT NOT download? how do you approve that the file that you restore has
been uploaded by yourself?

that could create a *really severe* problem (as the backup contains
files with your IP addresses, gateways, passwords, users etc!)

two possible scenarios:
1) retrieve the file, decrypt passwords, job done -> admin/root access
on your server
2) retrieve the file, decrypt passwords, change passwords, add users,
add trojan horses, change binaries, add hidden attack/scanning scripts,
create a new backup file, load it up instead of your original, access
your server, make it crash, and let you install the infected backup file
instead of the original.

at least you should encrypt that file.

i think that that solution is intended for internal *secure* networks.


-- 

H. P.  Ströbel

PGP Digital Fingerprint :
58E0 6ECB 620A A689 E206 
BCA8 300F BC45 6EEC F7C3

Yes, I do. But not Yahoo.
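
An added example, not part of the original post: one way to check that the file you restore is the one you uploaded is to tag each backup with an HMAC-SHA256 under a key that never leaves the backed-up host, and to verify the tag before restoring. The file name and the `.hmac` sidecar convention are assumptions; this detects a replaced archive only, so the encryption the post recommends is still needed to keep the contents secret.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB pieces so large archives need little memory


def backup_tag(path: str, key: bytes) -> str:
    """HMAC-SHA256 over the file name and contents, hex encoded."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    # Bind the tag to the name so one archive cannot be swapped for another.
    mac.update(os.path.basename(path).encode() + b"\0")
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            mac.update(chunk)
    return mac.hexdigest()


def write_tag(path: str, key: bytes) -> str:
    """Write the sidecar tag file (hypothetical '<archive>.hmac' convention)."""
    with open(path + ".hmac", "w") as fh:
        fh.write(backup_tag(path, key) + "\n")
    return path + ".hmac"


def verify_before_restore(path: str, key: bytes) -> bool:
    """True only if the archive matches a tag made with our key."""
    try:
        with open(path + ".hmac", "rb") as fh:
            stored = fh.read().strip()
    except FileNotFoundError:
        return False  # no tag: treat the archive as untrusted
    return hmac.compare_digest(stored, backup_tag(path, key).encode())


def demo():
    key = os.urandom(32)  # kept on the backed-up host, never on the FTP server
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "raq2-backup.tar.gz")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"constructed sample archive bytes")
        write_tag(path, key)
        untouched = verify_before_restore(path, key)
        with open(path, "ab") as fh:  # archive modified on the FTP server
            fh.write(b"extra entry")
        modified = verify_before_restore(path, key)
        write_tag(path, os.urandom(32))  # tag rebuilt without knowing our key
        retagged = verify_before_restore(path, key)
    return untouched, modified, retagged


if __name__ == "__main__":
    print(demo())
```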