Running an FTP server from home (have used Serv-U and G6FTP/BPFTP) behind a Linksys 4-port router on a WIN2k machine.

I'd like to know what security issues I'm facing by leaving this online 24/7. I currently have port 21 open and have setup 2 user accounts that allows upload to a directory on a G: partition, temp directory(away from any root directories).

My few questions:
- Would it be safer to open up a less-known port rather than 21?

- Do I need to point to my internal IP for the DMZ tab of the Linksys router setup so people are able to upload/download? I thought this exposed my machine to the internet (as if I haven't already done so by opening up a port anyway).

- Would I get better throughput if I made the "receive buffer" a larger value (such as 8192 instead of 4096) ?

If you can point me to any security sites on the web regarding FTP servers, I'd appreciate those too... THANKS!

Go to http://www.grc.com using the computer that is running the FTP server. Their port scanner will find out if anyone from the internet can access your server.

Using a non-standard port is an easily defeated security measure. It's so easy to defeat that I wouldn't consider this technique useful at all.

DanU,

Sorry but that is not quite accurate. the port scan at GRC will tell you that you ARE running an open port (ftp) it WILL NOT tell you if anyone can access it!

If you are wanting to run an FTP server. Make sure that you run non-dictionary type passwords. (alpha-numeric's) such as m1n2t3s6 or even better if the software is capable of dealing with them non-standard items as well such as p0m$_^kP That would be a very hardone to crack and most people will NOT spend the time as what they would hopefully gain by getting into your system is nothing.

Thanks for your responses guys. That's good advice about the password, but aside from someone trying to guess a dictionary word, couldn't they also be running some packet sniffer that grabs the password as my intended user submits it to my server? So it may be just as useless to make a password cryptic in that sense. I don't think there are too many people out there manually typing in any amount of dictionary words... but there are some people with nothing better to do I'm sure.

So would you guys have any idea as to why my user would just die out after transferring (uploading) about 30MB of a 450MB file? The reason I ask is that he tried 2 different files and it seemed to die at the same point. Is that up to a setting I have or is it just a network timeout? What causes transfers to die like that ?!

Thanks again.