> I am sure most of you have already resolved most of the problems with > domains that we all see repeated scanning IP addresses for FTP openings, but > I thought I would post this anyway in the event it might help someone. I am > not a security expert or an expert in Linux, so this was a concern that I > wasn't sure how to handle. I edited the hosts.deny file as someone > suggested, and it wasn't successful. But after some reading on the matter, I > found the problem was simply a dot. I edited the file again, and so far the > FTP scans have quieted significantly. The only ones I see are new domains > not currently listed in the file. For anyone having similar problems, this > is how my hosts.deny file now reads: > > ALL: .wanadoo.fr > ALL: .t-dialin.net > > I didn't realize by adding the dot it denies the entire domain, which > eliminates the need to block them by blocking large sections of IP > addresses. This simply targets the problem domain, nothing more. While I > imagine this is old news to most on this list, I hope it is useful to some > of you. > Or you could just block ftp with in.proftpd : .wanadoo.fr .t-dialin.net
Gerald _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
