>If there's no legitimate reason for uses in these domains to be >accessing FTP on your RAQs, why not just create an IPChains rule to >block FTP requests from these address blocks? That way, valid users >from these ISPs can still email and pull http content from your box, >without having other security concerns open.
In our case, it is more logical to block access entirely. FTP scans are not the only areas we have seen problems recently from these domains. Our sites do not benefit from international access, if they did we would be more likely to use the suggestion Gerald Waugh made in adding "in.proftpd : .wanadoo.fr .t-dialin.net" to the hosts.deny file. I am not at a point that I would be comfortable adding IPchains to our server. Ed _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
