ARCHIVED: Can anyone FTP into my PC, and how can I safeguard against this?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Note: The following information addresses an old security risk. Currently, you must set up your computer as an FTP or WWW server to risk FTP vulnerabilities. For more information about setting up an FTP server, see Set up an anonymous FTP site

Note: The software discussed here is no longer in common use at IU, and UITS may no longer be able to verify this text's accuracy; additionally, the UITS Support Center may no longer have the materials needed to adequately support this software.

If your PC has been assigned an IP number, it may be possible for anyone to FTP into your computer, unless you take steps to safeguard against it. If you are on the Ethernet, you have an IP number; if you dial in using PPP, your PC will be assigned a temporary IP number. In either case, whether or not anyone can FTP into your computer depends on what TCP/IP software you're running, and how it's configured:

If you're using LAN WorkPlace, the only way to allow FTP connections to your computer is to use the DOS or Windows FTP.
If you're using the PC/TCP package (or the DCE telnet package), the FTP server is disabled by default when running telnet.
If you're using the shareware NCSA or Clarkson packages, put the following line into your config.tel file:
```
  ftp=no 
```
If you don't do this, then anyone on the entire Internet could log into your computer.

You can also enable FTP in any of the above packages, and create a password file which permits access only to people you specify. You effectively give them usernames and passwords, specific to your PC's FTP server.