Warezmaster and Warezclient: An implementation of FTP based R2L attacks

Debdeep Dey; Archisman DInda; Poornima Panduranga Kundapur; R. Smitha

doi:10.1109/ICCCNT.2017.8203964

Warezmaster and Warezclient: An implementation of FTP based R2L attacks

Debdeep Dey, Archisman DInda, Poornima Panduranga Kundapur, R. Smitha

Department of Data Science and Computer Applications, Manipal Institute of Technology, Manipal

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Although the File Transfer Protocol (FTP) was not designed with strict security measures in place, which is quite evident from the fact that all the commands and data are transmitted in clear text, subsequent additions to the protocol have implemented security features like upgrading the connection to Transport Layer Security (TLS) in FTPS. In spite of such developments, FTP remains an inherently insecure protocol, that refuses to die. The FTP, despite its quirks, has proven to be extremely resilient. As of 2015, more than 13 million FTP servers exist in the Internet Protocol Version 4 (IPv4) address space. With the advent of the Internet of Things (IoT) and the proliferation of internet enabled hand held devices, the security of computer networks has become a very important issue. There are two broad divisions of security threats, Remote exploits and local attacks. Remote to local attacks are a serious threat to computer networks. In this paper, we implement two specific remote to local attacks, the Warezmaster (WM) and the Warezclient attack (WC), which exploit the vulnerabilities present in 'anonymous' FTP on both Linux and Windows. We then go on to discuss the ramifications of such an attack, it's limitations as well as the methods to prevent such attacks.

Original language	English
Title of host publication	8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781509030385
DOIs	https://doi.org/10.1109/ICCCNT.2017.8203964
Publication status	Published - 13-12-2017
Event	8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017 - Delhi, India Duration: 03-07-2017 → 05-07-2017

Conference

Conference	8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017
Country/Territory	India
City	Delhi
Period	03-07-17 → 05-07-17

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications
Computer Vision and Pattern Recognition
Signal Processing
Modelling and Simulation
Artificial Intelligence

Access to Document

10.1109/ICCCNT.2017.8203964

Cite this

@inproceedings{63f5c752974349548325832a9deab301,

title = "Warezmaster and Warezclient: An implementation of FTP based R2L attacks",

abstract = "Although the File Transfer Protocol (FTP) was not designed with strict security measures in place, which is quite evident from the fact that all the commands and data are transmitted in clear text, subsequent additions to the protocol have implemented security features like upgrading the connection to Transport Layer Security (TLS) in FTPS. In spite of such developments, FTP remains an inherently insecure protocol, that refuses to die. The FTP, despite its quirks, has proven to be extremely resilient. As of 2015, more than 13 million FTP servers exist in the Internet Protocol Version 4 (IPv4) address space. With the advent of the Internet of Things (IoT) and the proliferation of internet enabled hand held devices, the security of computer networks has become a very important issue. There are two broad divisions of security threats, Remote exploits and local attacks. Remote to local attacks are a serious threat to computer networks. In this paper, we implement two specific remote to local attacks, the Warezmaster (WM) and the Warezclient attack (WC), which exploit the vulnerabilities present in 'anonymous' FTP on both Linux and Windows. We then go on to discuss the ramifications of such an attack, it's limitations as well as the methods to prevent such attacks.",

author = "Debdeep Dey and Archisman DInda and Kundapur, {Poornima Panduranga} and R. Smitha",

year = "2017",

month = dec,

day = "13",

doi = "10.1109/ICCCNT.2017.8203964",

language = "English",

booktitle = "8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017 ; Conference date: 03-07-2017 Through 05-07-2017",

}

Dey, D, DInda, A, Kundapur, PP & Smitha, R 2017, Warezmaster and Warezclient: An implementation of FTP based R2L attacks. in 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017., 8203964, Institute of Electrical and Electronics Engineers Inc., 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017, Delhi, India, 03-07-17. https://doi.org/10.1109/ICCCNT.2017.8203964

Warezmaster and Warezclient: An implementation of FTP based R2L attacks. / Dey, Debdeep; DInda, Archisman; Kundapur, Poornima Panduranga et al.
8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017. Institute of Electrical and Electronics Engineers Inc., 2017. 8203964.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Warezmaster and Warezclient

T2 - 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017

AU - Dey, Debdeep

AU - DInda, Archisman

AU - Kundapur, Poornima Panduranga

AU - Smitha, R.

PY - 2017/12/13

Y1 - 2017/12/13

N2 - Although the File Transfer Protocol (FTP) was not designed with strict security measures in place, which is quite evident from the fact that all the commands and data are transmitted in clear text, subsequent additions to the protocol have implemented security features like upgrading the connection to Transport Layer Security (TLS) in FTPS. In spite of such developments, FTP remains an inherently insecure protocol, that refuses to die. The FTP, despite its quirks, has proven to be extremely resilient. As of 2015, more than 13 million FTP servers exist in the Internet Protocol Version 4 (IPv4) address space. With the advent of the Internet of Things (IoT) and the proliferation of internet enabled hand held devices, the security of computer networks has become a very important issue. There are two broad divisions of security threats, Remote exploits and local attacks. Remote to local attacks are a serious threat to computer networks. In this paper, we implement two specific remote to local attacks, the Warezmaster (WM) and the Warezclient attack (WC), which exploit the vulnerabilities present in 'anonymous' FTP on both Linux and Windows. We then go on to discuss the ramifications of such an attack, it's limitations as well as the methods to prevent such attacks.

AB - Although the File Transfer Protocol (FTP) was not designed with strict security measures in place, which is quite evident from the fact that all the commands and data are transmitted in clear text, subsequent additions to the protocol have implemented security features like upgrading the connection to Transport Layer Security (TLS) in FTPS. In spite of such developments, FTP remains an inherently insecure protocol, that refuses to die. The FTP, despite its quirks, has proven to be extremely resilient. As of 2015, more than 13 million FTP servers exist in the Internet Protocol Version 4 (IPv4) address space. With the advent of the Internet of Things (IoT) and the proliferation of internet enabled hand held devices, the security of computer networks has become a very important issue. There are two broad divisions of security threats, Remote exploits and local attacks. Remote to local attacks are a serious threat to computer networks. In this paper, we implement two specific remote to local attacks, the Warezmaster (WM) and the Warezclient attack (WC), which exploit the vulnerabilities present in 'anonymous' FTP on both Linux and Windows. We then go on to discuss the ramifications of such an attack, it's limitations as well as the methods to prevent such attacks.

UR - http://www.scopus.com/inward/record.url?scp=85041408430&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041408430&partnerID=8YFLogxK

U2 - 10.1109/ICCCNT.2017.8203964

DO - 10.1109/ICCCNT.2017.8203964

M3 - Conference contribution

AN - SCOPUS:85041408430

BT - 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 3 July 2017 through 5 July 2017

ER -

Warezmaster and Warezclient: An implementation of FTP based R2L attacks

Abstract

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this