Anonymous FTP is an option on most FTP servers. When enabled, it means that users do not need to have an account on the server. Users logon without needing to specify a valid user ID and password.
Universal Access
Anyone with network access to an FTP server that allows anonymous FTP access can log on and access any of the files and folders that are made available by the server.
No Audit Trail
FTP servers that allow anonymous access make corporate data accessible to users with no useful audit trail telling who accessed the data. All you can tell is that someone accessed the FTP server and downloaded or uploaded one or more files but you cannot tell who it was. There is no accountability, something auditors do not like.
Download and Upload
Depending on the FTP server configuration, anonymous access can be granted for both download and upload. Allowing anonymous users to upload data to an FTP server exposes your company to disk shortages and, even worse, uploading of sensitive and/or copyrighted material.
Movie Pirates Love Anonymous FTP
Software, movie and pornography pirates love finding FTP servers that allow both anonymous access and uploads. They turn them into what are called "warez" sites.
They upload pirated software, movies, music and pornographic images to them, thereby making the server owner an unwitting distributor of copyrighted material. They often create hidden folders and folders that contain unprintable characters, making it extremely difficult for the FTP server owner to remove the material they have uploaded.
Warez distributors have scripts scanning thousands of IP addresses per hour, looking for FTP sites, and then checking if they can upload and download anonymously when they find one.
If your FTP server allows this, it will be announced on IRC when it is discovered and your bandwidth will skyrocket until you figure out what's going on and fix it.
|
