In response to David Banning <[EMAIL PROTECTED]>:

> I have installed denyhosts from the ports to stop ssh attacks, but
> I have discovered a vulnerability, that is new to me. Denyhosts
> does not seem to notice FTP login attempts, so the cracker can
> attempt to login via FTP, 1000's of times until he finds a
> login/password combination.

We refuse to run ftp because it's nearly impossible to secure.

> Once he has a login/password combo, he can simple login via ssh,
> (provided that user has a shell account).

Yeah, that's really bad.  You can end up with the same problem if you
run smtp auth without tls.

> Is there anyway to block multiple FTP login attempts?

I'm sure there is, but why bother?  It would actually be _easier_ for most
crooks to simply sniff the passwords right off the wire.  If you really
think it's worthwhile, you can probably tweak denyhosts to properly
regex the ftp logs.

A better solution (assuming you can't ditch ftp, which would be the _best_
choice) would be to set up your ftpd so it has different passwords than
ssh/scp.  There are a number of ftp servers out there capable of this.

Bill Moran
Collaborative Fusion Inc.
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to