From owner-freebsd-questions@FreeBSD.ORG Fri Jan 26 19:07:37 2007
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id A352516A400
	for ; Fri, 26 Jan 2007 19:07:37 +0000 (UTC)
	(envelope-from kdk@daleco.biz)
Received: from ezekiel.daleco.biz (southernuniform.com [66.76.92.18])
	by mx1.freebsd.org (Postfix) with ESMTP id 59D9E13C458
	for ; Fri, 26 Jan 2007 19:07:37 +0000 (UTC)
	(envelope-from kdk@daleco.biz)
Received: from [192.168.2.2] (archangel.daleco.biz [69.27.145.126])
	by ezekiel.daleco.biz (8.13.4/8.13.1) with ESMTP id l0QJ7SZp082948;
	Fri, 26 Jan 2007 13:07:33 -0600 (CST)
	(envelope-from kdk@daleco.biz)
Message-ID: <45BA516A.7070402@daleco.biz>
Date: Fri, 26 Jan 2007 13:07:22 -0600
From: Kevin Kinsey
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7) Gecko/20060925 SeaMonkey/1.0.5
MIME-Version: 1.0
To: David Banning
References: <20070126182013.GA10551@skytracker.ca>
In-Reply-To: <20070126182013.GA10551@skytracker.ca>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: questions@freebsd.org
Subject: Re: thwarting repeated login attempts
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Fri, 26 Jan 2007 19:07:37 -0000

David Banning wrote:
> I have installed denyhosts from the ports to stop ssh attacks, but
> I have discovered a vulnerability, that is new to me. Denyhosts
> does not seem to notice FTP login attempts, so the cracker can
> attempt to login via FTP, 1000's of times until he finds a
> login/password combination.
>

Pardon the stupid question, but I'm assuming it's necessary that you
run ftpd? We block ftpd at the firewall to any machines outside the LAN.
Anyone who needs FTP access uses a client that's capable of using sftp
instead, and logs in with their SSH credentials.

> Once he has a login/password combo, he can simply login via ssh,
> (provided that user has a shell account).
>
> Is there any way to block multiple FTP login attempts?
>

Kevin Kinsey
-- 
Make it myself? But I'm a physical organic chemist!
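
Added example, not part of the original message or of denyhosts: a sliding-window count of failed ftpd logins per source host, the kind of check the question above asks for. The log line pattern, the threshold and window values, and the name `hosts_to_block` are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog shape for a failed ftpd login; adjust the pattern to
# whatever your ftpd actually writes to its auth log.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sftpd\[\d+\]:\s"
    r"FTP LOGIN FAILED FROM (?P<host>[^\s,]+)"
)

def hosts_to_block(lines, threshold=5, window=timedelta(minutes=10), year=2007):
    """Return hosts with at least `threshold` failures inside one window.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # not an ftpd failure (e.g. an sshd line)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["host"]]
        q.append(ts)
        while ts - q[0] > window: # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and m["host"] not in flagged:
            flagged.append(m["host"])
    return flagged

# Constructed sample log, not taken from a real system.
SAMPLE = (
    # five failures spread over four hours: slow, stays under the threshold
    [f"Jan 26 {h:02d}:15:00 gw ftpd[902]: FTP LOGIN FAILED FROM 203.0.113.9, bob"
     for h in range(8, 13)]
    # five failures within one minute: flagged
    + [f"Jan 26 13:00:{s:02d} gw ftpd[901]: FTP LOGIN FAILED FROM 198.51.100.7, admin"
       for s in range(0, 50, 10)]
    # ssh failure: ignored here, denyhosts already covers it
    + ["Jan 26 13:01:00 gw sshd[903]: Failed password for root from 192.0.2.4 port 4022 ssh2"]
)

if __name__ == "__main__":
    for host in hosts_to_block(SAMPLE):
        print(host)
```

The returned hosts can be handed to whatever block list the firewall or TCP wrappers configuration already uses.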