Shodan Stories Day 71: Transfering Files in Moscow, Macommet, and Open Source Mirrors
Today I just wanted to find a working public FTP server. So I searched “FTP”, and went with the first result I found, this one in Moscow.
FTP Server on 220.127.116.11
FTP seems like an ancient technology but I had a job just a few years ago where we would use it all of the time, and I frequently use it to move files to my servers when I can’t be bothered to remember the correct scp syntax. It turns out though that the newest Mac operating systems took out FTP from the built in software, so I had to reinstall it. They still have SFTP, which is the preferable protocol to use anyway, but since SFTP and FTP aren’t actually interoperable, I needed the original model.
👻🌵🔮 $ ftp -n 18.104.22.168 Connected to 22.214.171.124. 220 FTP server ready. ftp> user (username) anonymous 331 Guest login ok, send your email address as password. Password: 230- 230- _ __ ___ __ _ ___ ___ _ __ ___ _ __ ___| | 230- | '_ ` _ \ / _` |/ __/ _ \| '_ ` _ \| '_ \ / _ \ __| 230- | | | | | | (_| | (_| (_) | | | | | | | | | __/ | 230- |_| |_| |_|\__,_|\___\___/|_| |_| |_|_| |_|\___|\__| 230- 230- 230- The FTP archive at MAcomnet, Moscow, Russia. 230- 230- All the equipment including 1Gbps connection provided by 230- MAcomnet JSC, http://www.macomnet.ru/. 230- 230- This archive is available via 230- 230- HTTP: http://mirror.macomnet.net/ (max 1024 connections) 230- FTP: ftp://mirror.macomnet.net/ (max 1024 connections) 230- RSYNC: rsync://mirror.macomnet.net/ (max 30 connections) 230- 230- Please email comments, bug reports and requests for packages to be 230- mirrored to firstname.lastname@example.org 230 Guest login ok, access restrictions apply. ftp>
Here is my amazing result after connecting (via port 21, the typical FTP port). Now oddly I couldn’t get that much done, my list of commands seemed to be severely restricted as an anonymous user, I couldn’t even use
ls. So I instead opted to look around via the browser FTP protocol. First though I double checked that indeed the IP I had was the same URL that the FTP header above was directing me toward.
👻🌵🔮 $ host 126.96.36.199 188.8.131.52.in-addr.arpa domain name pointer mirror.macomnet.NET.
Yup we are all good. Wait actually let’s first see what macommet is.
Great it’s a Russian telecom, but why are they running an FTP server? Let’s take a look. I’m guessing from the timestamps that this server was set up back in 2008 but is still being used as of a couple of days ago. Now /bin/ and /etc/ are just where all of the commands you can use when logged into the server are. /pub/ is where all the good stuff is. It’s a bunch of open source software! Kind of an amazing little collection actually. There’s CTAN and lyx for your word processing, two kinds of BSD operating systems, Hiren’s BootCD for your hard drive backups, and the classic VLC.
After wondering why this telecom had done this for a bit I noticed something I had missed before. The url had “mirror” in it! Of course, they were putting up open source software on an FTP server to help spread access to the software and share bandwidth loads with the open source projects, so that they wouldn’t have to bear the cost of heavy download traffic themselves. This used to be more common, but bandwidth has gotten cheaper these days, you don’t need so much community support like this anymore. Or maybe mirroring is still a big deal and I’ve just gravitated away from the world of downloading a lot of open source software, with my Mac operating system that doesn’t even have FTP.
See you tomorrow.