Warezmaster and Warezclient

An implementation of FTP based R2L attacks

Debdeep Dey, Archisman DInda, Poornima Panduranga Kundapur, R. Smitha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Although the File Transfer Protocol (FTP) was not designed with strict security measures in place, which is quite evident from the fact that all the commands and data are transmitted in clear text, subsequent additions to the protocol have implemented security features like upgrading the connection to Transport Layer Security (TLS) in FTPS. In spite of such developments, FTP remains an inherently insecure protocol, that refuses to die. The FTP, despite its quirks, has proven to be extremely resilient. As of 2015, more than 13 million FTP servers exist in the Internet Protocol Version 4 (IPv4) address space. With the advent of the Internet of Things (IoT) and the proliferation of internet enabled hand held devices, the security of computer networks has become a very important issue. There are two broad divisions of security threats, Remote exploits and local attacks. Remote to local attacks are a serious threat to computer networks. In this paper, we implement two specific remote to local attacks, the Warezmaster (WM) and the Warezclient attack (WC), which exploit the vulnerabilities present in 'anonymous' FTP on both Linux and Windows. We then go on to discuss the ramifications of such an attack, it's limitations as well as the methods to prevent such attacks.

Original languageEnglish
Title of host publication8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781509030385
DOIs
Publication statusPublished - 13-12-2017
Externally publishedYes
Event8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017 - Delhi, India
Duration: 03-07-201705-07-2017

Conference

Conference8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017
CountryIndia
CityDelhi
Period03-07-1705-07-17

Fingerprint

Attack
Network protocols
Computer networks
Computer Networks
Internet protocols
Internet of Things
Handheld Devices
Ramification
Linux
Proliferation
Vulnerability
Servers
Division
Internet
Die
Server

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Computer Vision and Pattern Recognition
  • Signal Processing
  • Modelling and Simulation
  • Artificial Intelligence

Cite this

Dey, D., DInda, A., Kundapur, P. P., & Smitha, R. (2017). Warezmaster and Warezclient: An implementation of FTP based R2L attacks. In 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017 [8203964] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCCNT.2017.8203964
Dey, Debdeep ; DInda, Archisman ; Kundapur, Poornima Panduranga ; Smitha, R. / Warezmaster and Warezclient : An implementation of FTP based R2L attacks. 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017. Institute of Electrical and Electronics Engineers Inc., 2017.
@inproceedings{63f5c752974349548325832a9deab301,
title = "Warezmaster and Warezclient: An implementation of FTP based R2L attacks",
abstract = "Although the File Transfer Protocol (FTP) was not designed with strict security measures in place, which is quite evident from the fact that all the commands and data are transmitted in clear text, subsequent additions to the protocol have implemented security features like upgrading the connection to Transport Layer Security (TLS) in FTPS. In spite of such developments, FTP remains an inherently insecure protocol, that refuses to die. The FTP, despite its quirks, has proven to be extremely resilient. As of 2015, more than 13 million FTP servers exist in the Internet Protocol Version 4 (IPv4) address space. With the advent of the Internet of Things (IoT) and the proliferation of internet enabled hand held devices, the security of computer networks has become a very important issue. There are two broad divisions of security threats, Remote exploits and local attacks. Remote to local attacks are a serious threat to computer networks. In this paper, we implement two specific remote to local attacks, the Warezmaster (WM) and the Warezclient attack (WC), which exploit the vulnerabilities present in 'anonymous' FTP on both Linux and Windows. We then go on to discuss the ramifications of such an attack, it's limitations as well as the methods to prevent such attacks.",
author = "Debdeep Dey and Archisman DInda and Kundapur, {Poornima Panduranga} and R. Smitha",
year = "2017",
month = "12",
day = "13",
doi = "10.1109/ICCCNT.2017.8203964",
language = "English",
booktitle = "8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

Dey, D, DInda, A, Kundapur, PP & Smitha, R 2017, Warezmaster and Warezclient: An implementation of FTP based R2L attacks. in 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017., 8203964, Institute of Electrical and Electronics Engineers Inc., 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017, Delhi, India, 03-07-17. https://doi.org/10.1109/ICCCNT.2017.8203964

Warezmaster and Warezclient : An implementation of FTP based R2L attacks. / Dey, Debdeep; DInda, Archisman; Kundapur, Poornima Panduranga; Smitha, R.

8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017. Institute of Electrical and Electronics Engineers Inc., 2017. 8203964.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Warezmaster and Warezclient

T2 - An implementation of FTP based R2L attacks

AU - Dey, Debdeep

AU - DInda, Archisman

AU - Kundapur, Poornima Panduranga

AU - Smitha, R.

PY - 2017/12/13

Y1 - 2017/12/13

N2 - Although the File Transfer Protocol (FTP) was not designed with strict security measures in place, which is quite evident from the fact that all the commands and data are transmitted in clear text, subsequent additions to the protocol have implemented security features like upgrading the connection to Transport Layer Security (TLS) in FTPS. In spite of such developments, FTP remains an inherently insecure protocol, that refuses to die. The FTP, despite its quirks, has proven to be extremely resilient. As of 2015, more than 13 million FTP servers exist in the Internet Protocol Version 4 (IPv4) address space. With the advent of the Internet of Things (IoT) and the proliferation of internet enabled hand held devices, the security of computer networks has become a very important issue. There are two broad divisions of security threats, Remote exploits and local attacks. Remote to local attacks are a serious threat to computer networks. In this paper, we implement two specific remote to local attacks, the Warezmaster (WM) and the Warezclient attack (WC), which exploit the vulnerabilities present in 'anonymous' FTP on both Linux and Windows. We then go on to discuss the ramifications of such an attack, it's limitations as well as the methods to prevent such attacks.

AB - Although the File Transfer Protocol (FTP) was not designed with strict security measures in place, which is quite evident from the fact that all the commands and data are transmitted in clear text, subsequent additions to the protocol have implemented security features like upgrading the connection to Transport Layer Security (TLS) in FTPS. In spite of such developments, FTP remains an inherently insecure protocol, that refuses to die. The FTP, despite its quirks, has proven to be extremely resilient. As of 2015, more than 13 million FTP servers exist in the Internet Protocol Version 4 (IPv4) address space. With the advent of the Internet of Things (IoT) and the proliferation of internet enabled hand held devices, the security of computer networks has become a very important issue. There are two broad divisions of security threats, Remote exploits and local attacks. Remote to local attacks are a serious threat to computer networks. In this paper, we implement two specific remote to local attacks, the Warezmaster (WM) and the Warezclient attack (WC), which exploit the vulnerabilities present in 'anonymous' FTP on both Linux and Windows. We then go on to discuss the ramifications of such an attack, it's limitations as well as the methods to prevent such attacks.

UR - http://www.scopus.com/inward/record.url?scp=85041408430&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041408430&partnerID=8YFLogxK

U2 - 10.1109/ICCCNT.2017.8203964

DO - 10.1109/ICCCNT.2017.8203964

M3 - Conference contribution

BT - 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Dey D, DInda A, Kundapur PP, Smitha R. Warezmaster and Warezclient: An implementation of FTP based R2L attacks. In 8th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2017. Institute of Electrical and Electronics Engineers Inc. 2017. 8203964 https://doi.org/10.1109/ICCCNT.2017.8203964