Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 26 Jan 2007 16:54:59 -0500
From:      Peter Matulis <pmatulis@sympatico.ca>
To:        freebsd-questions@freebsd.org
Cc:        questions@freebsd.org, David Banning <david@skytracker.ca>
Subject:   Re: thwarting repeated login attempts
Message-ID:  <200701261654.59814.pmatulis@sympatico.ca>
In-Reply-To: <45BA699F.3000006@daleco.biz>
References:  <20070126182013.GA10551@skytracker.ca> <20070126192012.GA30551@skytracker.ca> <45BA699F.3000006@daleco.biz>

next in thread | previous in thread | raw e-mail | index | archive | help
Le Vendredi 26 Janvier 2007 15:50, Kevin Kinsey a =E9crit=A0:
> David Banning wrote:
> >>> I have discovered a vulnerability, that is new to me. Denyhosts
> >>> does not seem to notice FTP login attempts, so the cracker can
> >>> attempt to login via FTP, 1000's of times until he finds a
> >>> login/password combination.
> >>
> >> Pardon the stupid question, but I'm assuming it's necessary that
> >> you run ftpd?  We block ftpd at the firewall to any machines
> >> outside the LAN. Anyone who needs FTP access uses a client that's
> >> capable of using sftp instead, and logs in with their SSH
> >> credentials.
> >
> > Hmm - interesting - I just -may- be able to disable using ftpd.
> >
> > But I still pose the same question - what do ftp servers do on
> > this? Maybe -not- have ssh login? -or- maybe not have ssh login
> > using the same login/password?
>
> I'm also interested; my version of the question is probably more
> like, "is anyone in their right mind running ftpd over the WAN for
> anything but an anonymous user"? [1]

You can run OpenBSD's pf in combination with authpf.  This mechanism=20
will alter firewall rules based on successful SSH logins.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701261654.59814.pmatulis>