Security concern - iChain miniFTP server does not limit number of invalid logins

  • 10096887
  • NOVL101285
  • 08-Mar-2005
  • 11-Mar-2005

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Fact

iChain 2.3

iChain 2.2

iChain 2.3 Support Pack 2 applied (ic23sp2.exe)

iChain 2.3 Support Pack 3 applied (ic22sp3.exe)

MiniFTP server enabled

Access control to MiniFTP server enabled

Symptom

Security concern - iChain miniFTP server does not limit number of invalid logins

No intruder detection performed on iChain FTP server

Cannot lock or limit number of unsuccessful logins with iChain miniFTP server

Fix

There is no intruder detection available for the iChain miniFTP server at the application level. A defect has been entered to enable this. There is a solution available at the OS level, though. To use it, do the following:

1. Enable NCPIP access to the iChain server.
2. Map a drive to the iChain server using a Novell client.
3. Run ConsoleOne and highlight the ICS container in the ICS_TREE DNS tree.
4. Right-click and select "Properties" to open the Container Properties dialog box.
5. In the container "Properties" dialog window that appears, click the "GENERAL" tab and select "Intruder Detection."
6. The "Intruder Detection" dialog screen should appear, and you can then select the appropriate options.
7. Configure all settings based on what best suits your needs, e.g. the number of login attempts before the account is locked.


Once this is done, the config user (used to authenticate to the FTP server) will have any unsuccessful logins logged, with the IP address of the workstation that failed to authenticate. This information will be available under the 'Intruder Detection' option under GENERAL tab for that user.
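To show what the settings chosen in step 7 control, here is an added Python model of a limit-and-lockout policy applied to the single config user, including the recorded source address. It is not Novell's code and not part of the original TID. The field names, default values and sample addresses are assumptions, and the product's exact counting rules may differ.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class IntruderPolicy:
    # Assumed values; pick your own in the Intruder Detection dialog (step 7).
    limit: int = 3               # failed logins that trigger the lock
    reset_interval: int = 1800   # seconds before the failure count starts over
    lockout_time: int = 900      # seconds the account stays locked

@dataclass
class AccountState:
    failures: int = 0
    window_start: float = 0.0
    locked_until: float = 0.0
    last_intruder: Optional[str] = None  # address of the last failed login

def login_attempt(policy, state, now, source_ip, password_ok):
    """Apply one login attempt; return 'ok', 'failed' or 'locked'."""
    if now < state.locked_until:
        return "locked"          # even the correct password is refused
    if password_ok:
        state.failures = 0
        return "ok"
    if state.failures == 0 or now - state.window_start > policy.reset_interval:
        state.failures, state.window_start = 0, now   # start a new window
    state.failures += 1
    state.last_intruder = source_ip
    if state.failures >= policy.limit:
        state.locked_until = now + policy.lockout_time
        state.failures = 0
        return "locked"
    return "failed"

def replay(events, policy=None):
    """Run (time, source_ip, password_ok) events against one account."""
    policy, state = policy or IntruderPolicy(), AccountState()
    return [login_attempt(policy, state, *e) for e in events], state

# Constructed sample: repeated bad passwords for the config user.
SAMPLE = [
    (0, "192.0.2.10", False),
    (5, "192.0.2.10", False),
    (9, "192.0.2.10", False),      # third failure reaches the limit
    (20, "192.0.2.10", True),      # refused: account still locked
    (1000, "198.51.100.7", True),  # lockout has expired
]
if __name__ == "__main__":
    print(replay(SAMPLE))
```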

Note

Thanks to Francisco Amato for notifying Novell of this invalid login issue.

Francisco Amato
Infobyte Security Research
www.infobyte.com.ar