Subject: Re: IPFilter and Passive FTP Servers
To: Todd Gruhn <tgruhn2@mail.com>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 11/28/2002 08:51:53
In message <20021128134832.73874.qmail@mail.com>, "Todd Gruhn" writes:
>I just did a ton of research on this, and went ahead
>and installed WU-FTPD on DEBIAN LINUX. Let's just
>say it took a lot of time and thought.
>Mostly because the scanner (SAINT) kept saying that
>FTP could be hacked.
>
>What I did was to get the latest copy of WU-FTP from 
>debian.org and apply the latest patch kit. I then tracked
>down a security doc on how to secure FTP and test WUFTP
>by hacking the best known security holes. Once I got 
>kicked out, or the security holes failed to respond as
>expected (as a hole) was I satisfied. I am now satisfied
>with my WU-FTP install on LINUX.
>

Given WU-FTP's security history, it makes me rather nervous.  When will 
the next hole show up?

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)