Michael Schmidt wrote:
Hello,
did anyone set up helpful tricks in pf concerning passive ports for ftp?
Why I am asking has the following reason:
In general you have to open ports for incoming passive ftp requests on
a wide range, but that's a point I don't like as I want to make life
as hard as possible for intruders/hackers which may try "ah, let's see
what's all open on that machine".
So what I want to setup is pf and the ftp-daemon in that way that the
ftp-daemon offers only a very small range of passive ports (or perhaps
only one single passive port?) and that pf opens only the same small
range of ports (or the same single port).
As it would be the best to not reinvent the wheel I would like to
know: Did anyone do such a setup and could share ideas?
Sorry for replying to my own post:
I forgot to mention that I want to change this mentioned single port
(or the very small port range) using random values at regular time
intervals.
Does anyone have experience with that setup?
--
Michael Schmidt MIRRORS:
DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/