In response to David Banning <[EMAIL PROTECTED]>:

> I have installed denyhosts from the ports to stop ssh attacks, but
> I have discovered a vulnerability, that is new to me. Denyhosts
> does not seem to notice FTP login attempts, so the cracker can
> attempt to login via FTP, 1000's of times until he finds a
> login/password combination.

We refuse to run ftp because it's nearly impossible to secure.

> Once he has a login/password combo, he can simply log in via ssh,
> (provided that user has a shell account).

Yeah, that's really bad. You can end up with the same problem if you run smtp auth without tls.

> Is there any way to block multiple FTP login attempts?

I'm sure there is, but why bother? It would actually be _easier_ for most crooks to simply sniff the passwords right off the wire.

If you really think it's worthwhile, you can probably tweak denyhosts to properly regex the ftp logs.

A better solution (assuming you can't ditch ftp, which would be the _best_ choice) would be to set up your ftpd so it has different passwords than ssh/scp. There are a number of ftp servers out there capable of this.

--
Bill Moran
Collaborative Fusion Inc.
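
The log-matching idea mentioned in the reply, as an added example (not part of the original message and not DenyHosts code): count FTP login failures per source host inside a sliding time window and report hosts that cross a threshold. The log line format, the `find_offenders` name, and the sample entries are assumptions constructed for illustration; adapt the regex to what your ftpd actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed failure-line format (syslog prefix + ftpd message); adjust the
# regex to whatever your ftpd actually writes to its auth log.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sftpd\[\d+\]:\s"
    r"FTP LOGIN FAILED FROM (?P<host>[^\s,]+)"
)

def find_offenders(lines, threshold=5, window=timedelta(minutes=10), year=2024):
    """Return hosts with >= threshold failures inside any sliding window.

    Lines must be in chronological order, as they are in a log file.
    """
    recent = defaultdict(deque)    # host -> timestamps of recent failures
    offenders = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # successful logins, other daemons
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["host"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= threshold and m["host"] not in offenders:
            offenders.append(m["host"])
    return offenders

# Constructed sample log (documentation-range addresses, made-up users).
SAMPLE_LOG = [
    "Mar 12 08:00:00 ftp1 ftpd[900]: FTP LOGIN FAILED FROM 192.0.2.9, alice",
    "Mar 12 09:00:00 ftp1 ftpd[901]: FTP LOGIN FAILED FROM 192.0.2.9, alice",
    "Mar 12 10:00:01 ftp1 ftpd[910]: FTP LOGIN FAILED FROM 203.0.113.7, root",
    "Mar 12 10:00:09 ftp1 ftpd[911]: FTP LOGIN FAILED FROM 203.0.113.7, admin",
    "Mar 12 10:00:15 ftp1 ftpd[912]: FTP LOGIN FAILED FROM 203.0.113.7, test",
    "Mar 12 10:00:20 ftp1 ftpd[913]: FTP LOGIN FROM 198.51.100.20 as bob",
    "Mar 12 10:00:31 ftp1 ftpd[914]: FTP LOGIN FAILED FROM 203.0.113.7, guest",
    "Mar 12 10:01:02 ftp1 ftpd[915]: FTP LOGIN FAILED FROM 203.0.113.7, www",
    "Mar 12 11:00:00 ftp1 ftpd[920]: FTP LOGIN FAILED FROM 192.0.2.9, alice",
]

if __name__ == "__main__":
    for host in find_offenders(SAMPLE_LOG):
        print("block candidate:", host)
```

The returned hosts can be fed to whatever blocking mechanism is already in place; the slow, hourly failures from one address stay below the default threshold, which is the trade-off any window-based counter makes.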