From: Peter Matulis
To: freebsd-questions@freebsd.org
Cc: questions@freebsd.org, David Banning
Date: Fri, 26 Jan 2007 16:54:59 -0500
Subject: Re: thwarting repeated login attempts
Message-Id: <200701261654.59814.pmatulis@sympatico.ca>
In-Reply-To: <45BA699F.3000006@daleco.biz>
References: <20070126182013.GA10551@skytracker.ca> <20070126192012.GA30551@skytracker.ca> <45BA699F.3000006@daleco.biz>

On Friday 26 January 2007 15:50, Kevin Kinsey wrote:
> David Banning wrote:
> >>> I have discovered a vulnerability, that is new to me. Denyhosts
> >>> does not seem to notice FTP login attempts, so the cracker can
> >>> attempt to login via FTP, 1000's of times until he finds a
> >>> login/password combination.
> >>
> >> Pardon the stupid question, but I'm assuming it's necessary that
> >> you run ftpd? We block ftpd at the firewall to any machines
> >> outside the LAN. Anyone who needs FTP access uses a client that's
> >> capable of using sftp instead, and logs in with their SSH
> >> credentials.
> >
> > Hmm - interesting - I just -may- be able to disable using ftpd.
> >
> > But I still pose the same question - what do ftp servers do on
> > this? Maybe -not- have ssh login? -or- maybe not have ssh login
> > using the same login/password?
>
> I'm also interested; my version of the question is probably more
> like, "is anyone in their right mind running ftpd over the WAN for
> anything but an anonymous user"? [1]

You can run OpenBSD's pf in combination with authpf. This mechanism
will alter firewall rules based on successful SSH logins.
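As an added illustration of the pf + authpf setup Peter mentions (this is example configuration, not something posted in the thread): FTP is closed to the outside by default, and a user who authenticates over SSH gets a rule loaded into the `authpf/*` anchor that opens port 21 from their source address only, so the brute-force surface that Denyhosts was not watching disappears. Interface name `em0`, the LAN prefix `192.168.3.0/24` and the FTP host being the firewall itself are assumptions for the example.

```pf
# /etc/pf.conf  (example, assumed interface and LAN prefix)
ext_if  = "em0"
lan_net = "192.168.3.0/24"

set skip on lo0

# authpf(8) inserts each logged-in user's rules into this anchor.
# The translation anchors are only needed if the per-user rules use
# nat/rdr/binat; they are harmless otherwise.
nat-anchor   "authpf/*"
rdr-anchor   "authpf/*"
binat-anchor "authpf/*"
anchor       "authpf/*"

# Default deny inbound on the external interface.
block in log on $ext_if

# SSH stays open: it is the authentication step for authpf.
pass in on $ext_if proto tcp to ($ext_if) port 22 keep state

# FTP from the LAN only; nobody on the WAN reaches port 21 unless
# an authpf session has added a rule for them.
pass in on $ext_if proto tcp from $lan_net to ($ext_if) port 21 keep state

pass out on $ext_if keep state
```

The per-user rule set lives in `/etc/authpf/authpf.rules` (or `/etc/authpf/users/<name>/authpf.rules` for a single account); authpf substitutes the macros `$user_ip` and `$user_id` from the SSH session before loading it, and removes the rules again when the session ends:

```pf
# /etc/authpf/authpf.rules  (example)
ext_if = "em0"

# Open FTP control connections only from the address the user
# authenticated from over SSH.
pass in quick on $ext_if proto tcp from $user_ip to ($ext_if) port 21 keep state
```

To activate it, `/etc/authpf/authpf.conf` must exist (an empty file is fine), `/usr/sbin/authpf` must be listed in `/etc/shells` and set as the login shell of the accounts that need FTP, and sshd's keep-alive settings (`ClientAliveInterval`/`ClientAliveCountMax`) should be tuned so a dropped session tears the rules down promptly. Note that a passive-mode FTP server also needs its data-port range passed in the same per-user rule, and that the user still has to type the FTP password after the SSH login, so separate credentials for the two services remain sensible.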