How do I install FTP server on an existing SBS 2000?

We have had a SBS 2000 running for two months now and now
they want to run FTP on the server in spite of the
security issues. Does anybody have any resources as to
how I install this on the existing server?

Thank you,
Steve

MST
Tue Jul 29 20:06:37 CDT 2003

Well you have a few different options. FTP can be installed from the
control panel. Add and Remove Programs then select Add/Remove Windows
Components on the left side.
Then hit the IIS button and make sure FTP is checked off. Now with this FTP
server, you can only use 1 port at a time, one login at a time. But with
FTP proggies like Serve -U-FTP or G6 FTP Server. With these 3rd Party
proggies, you can have multile connection that are secured. Just make the
ajustments in you router firewall or NAT.
-
ICQ # 128353983
"Computers can figure out all kinds of problems,
except the things in the world that just don't add up."
James Magary

"Steve Lewis" <SteveLewis@SLKNet.com> wrote in message
news:076d01c3562b$0dddfba0$a101280a@phx.gbl...
> We have had a SBS 2000 running for two months now and now
> they want to run FTP on the server in spite of the
> security issues. Does anybody have any resources as to
> how I install this on the existing server?
>
> Thank you,
> Steve

Mark
Tue Jul 29 20:56:56 CDT 2003

3rd party apps are much better but I would have them sign off on a paper
that states
1) FTP sends passwords clear text, we understand this security risk
x_______________
2) FTP allows people to put software on our server that could be damaging
and there is no way to prohibit this x______________
3) Despite the fact that we were told that a $10/month hosting company could
offer a more secure solution, we want to do this solution x______________

At this point, if they sign they need their head examined but at least you
can't be held accountable on E&O.

--
Sincerely,
Mark Mancini, CCA, CCNA, Master CIW&CI, CNE 4&5, MCSE+I 4&2000
www.MCSE2000.com
www.AppLauncher.com



"MST" <alvin@rivner.com> wrote in message
news:%23J6uQWjVDHA.2016@TK2MSFTNGP09.phx.gbl...
> Well you have a few different options. FTP can be installed from the
> control panel. Add and Remove Programs then select Add/Remove Windows
> Components on the left side.
> Then hit the IIS button and make sure FTP is checked off. Now with this
FTP
> server, you can only use 1 port at a time, one login at a time. But with
> FTP proggies like Serve -U-FTP or G6 FTP Server. With these 3rd Party
> proggies, you can have multile connection that are secured. Just make the
> ajustments in you router firewall or NAT.
> -
> ICQ # 128353983
> "Computers can figure out all kinds of problems,
> except the things in the world that just don't add up."
> James Magary
>
> "Steve Lewis" <SteveLewis@SLKNet.com> wrote in message
> news:076d01c3562b$0dddfba0$a101280a@phx.gbl...
> > We have had a SBS 2000 running for two months now and now
> > they want to run FTP on the server in spite of the
> > security issues. Does anybody have any resources as to
> > how I install this on the existing server?
> >
> > Thank you,
> > Steve
>
>

Sam
Wed Jul 30 03:21:44 CDT 2003

Hi James,

You said "Just make the ajustments in you router firewall
or NAT."

And I'm stuck there...
My installation already had ftp checked (or I checked it
then) in the windows component selector.

The problem is that I do not get through ISA.

I have all the standard packet filters (which include ftp
in on TCP ports 20 and 21

From the log (Below) it looks like I need to open UDP
ports 137,137 or 67,68 and 68,67

Ofcourse I do not understand the port,port format (other
than guessing it is local,remote or visa versa) of the log
file and I have no clue how to link this to my actions of
testing FTP in....

Thanks,
Sam


7/29/2003, 17:00:13, 172.26.0.99, 172.26.0.255, Udp, 137,
137, -, BLOCKED, 172.26.0.99, 45 00 00 4e c9 b6 00 00 80
11 00 00 ac 1a 00 63 ac 1a 00 ff, 00 89 00 89 00 3a b1 2b
7/29/2003, 17:00:14, 172.26.0.99, 172.26.0.255, Udp, 137,
137, -, BLOCKED, 172.26.0.99, 45 00 00 4e ca 07 00 00 80
11 00 00 ac 1a 00 63 ac 1a 00 ff, 00 89 00 89 00 3a b1 2b
7/29/2003, 17:00:15, 172.26.0.99, 172.26.0.255, Udp, 137,
137, -, BLOCKED, 172.26.0.99, 45 00 00 4e ca 4f 00 00 80
11 00 00 ac 1a 00 63 ac 1a 00 ff, 00 89 00 89 00 3a b1 27
7/29/2003, 17:00:16, 172.26.0.99, 172.26.0.255, Udp, 137,
137, -, BLOCKED, 172.26.0.99, 45 00 00 4e ca ad 00 00 80
11 00 00 ac 1a 00 63 ac 1a 00 ff, 00 89 00 89 00 3a b1 27
7/29/2003, 17:00:16, 192.168.16.2, 255.255.255.255, Udp,
68, 67, -, BLOCKED, 172.26.0.99, 45 00 01 10 cb 66 00 00
80 11 9d cc c0 a8 10 02 ff ff ff ff, 00 44 00 43 00 fc dd
32 01 01 06 00 00 00 00 00 0a 00 80 00 c0 a8 10 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
7/29/2003, 17:00:16, 192.168.16.2, 255.255.255.255, Udp,
67, 68, -, BLOCKED, 172.26.0.99, 45 00 01 48 cb 67 00 00
80 11 00 00 c0 a8 10 02 ff ff ff ff, 00 43 00 44 01 34 3a
37
7/29/2003, 17:00:16, 172.26.0.99, 172.26.0.255, Udp, 137,
137, -, BLOCKED, 172.26.0.99, 45 00 00 4e cb 68 00 00 80
11 00 00 ac 1a 00 63 ac 1a 00 ff, 00 89 00 89 00 3a b1 27
7/29/2003, 17:00:24, 192.168.16.2, 255.255.255.255, Udp,
68, 67, -, BLOCKED, 172.26.0.99, 45 00 01 10 ce 61 00 00
80 11 9a d1 c0 a8 10 02 ff ff ff ff, 00 44 00 43 00 fc dd
32 01 01 06 00 00 00 00 00 0a 00 80 00 c0 a8 10 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
7/29/2003, 17:00:24, 192.168.16.2, 255.255.255.255, Udp,
67, 68, -, BLOCKED, 172.26.0.99, 45 00 01 48 ce 62 00 00
80 11 00 00 c0 a8 10 02 ff ff ff ff, 00 43 00 44 01 34 3a
37
7/29/2003, 17:15:32, 192.168.16.2, 255.255.255.255, Udp,
68, 67, -, BLOCKED, 172.26.0.99, 45 00 01 10 10 62 00 00
80 11 58 d1 c0 a8 10 02 ff ff ff ff, 00 44 00 43 00 fc b4
c6 01 01 06 00 19 0e 0f 5e 0a 00 80 00 c0 a8 10 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
7/29/2003, 17:15:40, 192.168.16.2, 255.255.255.255, Udp,
68, 67, -, BLOCKED, 172.26.0.99, 45 00 01 10 10 9c 00 00
80 11 58 97 c0 a8 10 02 ff ff ff ff, 00 44 00 43 00 fc dd
32 01 01 06 00 00 00 00 00 0a 00 80 00 c0 a8 10 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
7/29/2003, 17:15:40, 192.168.16.2, 255.255.255.255, Udp,
67, 68, -, BLOCKED, 172.26.0.99, 45 00 01 48 10 9d 00 00
80 11 00 00 c0 a8 10 02 ff ff ff ff, 00 43 00 44 01 34 3a
37
7/29/2003, 17:15:48, 192.168.16.2, 255.255.255.255, Udp,
68, 67, -, BLOCKED, 172.26.0.99, 45 00 01 10 11 29 00 00
80 11 58 0a c0 a8 10 02 ff ff ff ff, 00 44 00 43 00 fc dd
32 01 01 06 00 00 00 00 00 0a 00 80 00 c0 a8 10 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
7/29/2003, 17:15:48, 192.168.16.2, 255.255.255.255, Udp,
67, 68, -, BLOCKED, 172.26.0.99, 45 00 01 48 11 2a 00 00
80 11 00 00 c0 a8 10 02 ff ff ff ff, 00 43 00 44 01 34 3a
37
7/29/2003, 17:15:56, 192.168.16.2, 255.255.255.255, Udp,
68, 67, -, BLOCKED, 172.26.0.99, 45 00 01 10 11 81 00 00
80 11 57 b2 c0 a8 10 02 ff ff ff ff, 00 44 00 43 00 fc dd
32 01 01 06 00 00 00 00 00 0a 00 80 00 c0 a8 10 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
7/29/2003, 17:15:56, 192.168.16.2, 255.255.255.255, Udp,
67, 68, -, BLOCKED, 172.26.0.99, 45 00 01 48 11 82 00 00
80 11 00 00 c0 a8 10 02 ff ff ff ff, 00 43 00 44 01 34 3a
37

>-----Original Message-----
>Well you have a few different options. FTP can be
installed from the
>control panel. Add and Remove Programs then select
Add/Remove Windows
>Components on the left side.
>Then hit the IIS button and make sure FTP is checked
off. Now with this FTP
>server, you can only use 1 port at a time, one login at a
time. But with
>FTP proggies like Serve -U-FTP or G6 FTP Server. With
these 3rd Party
>proggies, you can have multile connection that are
secured. Just make the
>ajustments in you router firewall or NAT.
>-
>ICQ # 128353983
>"Computers can figure out all kinds of problems,
>except the things in the world that just don't add up."
>James Magary
>
>"Steve Lewis" <SteveLewis@SLKNet.com> wrote in message
>news:076d01c3562b$0dddfba0$a101280a@phx.gbl...
>> We have had a SBS 2000 running for two months now and
now
>> they want to run FTP on the server in spite of the
>> security issues. Does anybody have any resources as to
>> how I install this on the existing server?
>>
>> Thank you,
>> Steve
>
>
>.
>

SuperGumby
Wed Jul 30 10:22:05 CDT 2003

create a specific VPN account and permission files appropriately?
just a thought.

I actually use Serv-U FTP, published through ISA on my 2NIC SBS which is
behind a NAT router (Dlink DI-804). Both Active and Passive FTP work fine
and it is no less secure than a standard FTP server and does not compromise
my LAN security because I use same username but different password for FTP
access. The same user name is laziness on my part but I consider it secure
because:

The FTP password is as complex as the domain password.
The FTP passwords are not the same as the domain passwords.
Anonymous access is denied and also pointed to an empty directory with no
FTP write/execute permissions.

I wouldn't do this with IIS FTP in a pink fit.

I could easily set up 'read only' and 'read write' access for test purposes.
If I did so it would be for a Serv-U user, not a user on my domain. :-)

"Toby Watson" <spams@drivemebananas.spam.com> wrote in message
news:OjjvHgqVDHA.2344@TK2MSFTNGP09.phx.gbl...
> Steve,
>
> You may want to look at this article for some pointers:
>
>
http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html
>
> However, the feeling I get with FTP is that it is very much making the
best
> of a bad job. While I don't like having an FTP server it is necessary in
> some situations; for example, a site I administer needs to use it so that
> clients can upload very large graphics files to the server.
>
> Using a third party application is helpful as it is easier to set separate
> usernames/passwords which have no rights on the domain.
>
> I have not tried using FTP over SSL, because while I gather this is
possible
> it would be difficult for external users to connect in a securenat
> environment.
>
> Personally, I'd always be open to other suggestions on how to upload large
> files to a server so if anyone has any suggestions do let me know!
>
> Toby.
>
> "Steve Lewis" <SteveLewis@SLKNet.com> wrote in message
> news:076d01c3562b$0dddfba0$a101280a@phx.gbl...
> > We have had a SBS 2000 running for two months now and now
> > they want to run FTP on the server in spite of the
> > security issues. Does anybody have any resources as to
> > how I install this on the existing server?
> >
> > Thank you,
> > Steve
>
>