HIR Issue 6: A Tell Tale of the FTP Search Tool
A Short Overview of the FTP search service By Asmodian X
A while back Axon and my self triped upon a wonderful ftp search utility, aptly named "FTP SEARCH," that allowed our wandering eyes to search vast numbers of public ftp servers.At a point, for some "Unknown" reason, we felt a bit prankish, and searched for some really stupid stuff like.. passwd, .rhosts and some other nifty things like that. The FTP search engine dutifully obeyed our requests, and gave us a really nice, really long, list of hosts, full pathname to the files, and their permissions. As a credit to the standards of computer security, all the files we found were permissioned to not allow any old user to read them.. However this service could provide invaluable information about individual systems as a whole.
The "FTP search," page is at "http://ftpsearch.ntnu.no" for those of you itching to try it. Not only can you tell it to bluntly search everything. But you can set up sorting parameters. Such as domain, paths, and you can tell it to hide certain types of files, such as software packages...etc. It may be an interesting test to see how much you can learn about your self using this useful search tool.
One interesting note however, this search tool only has a snapshot of what a server has available on a anonymous ftp session. The really secure servers will have already removed themselves from the ftp database or have made a ls-l R.gz, which the ftp-tool updates itself off of. The ls-lR.gz file will be read into the database instead of making a recursive directory scan. Thus the sysadmin can block out whatever directories they wish, and the ftp search database will never know any different.
If you have the burning desire for your internet ftp server be removed from "FTP search", send an email from your server to "remove@ftpsearch.ntnu.no"
