As an example of what a client sees from the module level, when we look at the rsync instance used to distribute rsync itself-we see eight modules presented after a brief greeting or “message of the day,” as seen below: In daemon mode, rsync organizes files using modules, which are just symbolic names and descriptions that point to a specific directory reachable by the user running the rsync daemon. Analysis of the data collected about exposed rsync instances on the public internet resulted in a variety of findings some were expected, some were not. The primary focus of this research was to understand more about what is exposing rsync, including anything that could speak to the security of these instances, with the goal being outreach, education, and security awareness. Deploying rsync in daemon mode is tricky from a security perspective as history has shown and our research will help solidify. Rapid7 Labs recently decided to take a fresh look at rsync, this time focusing on exposure of rsync globally on the public internet. In the remainder of this research, when we refer to rsync, we mean rsync operating in daemon mode unless otherwise noted. Rsync also has the ability to operate in a daemon mode where it listens on port 873/TCP. Rsync is primarily a utility for synchronizing files between systems in an efficient manner and is frequently used for archival and backup purposes as well as data distribution and sharing tasks. This blog was co-written by Jon Hart and Shan Sikdar.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |