David Banning wrote:
I have discovered a vulnerability that is new to me. Denyhosts
does not seem to notice FTP login attempts, so the cracker can
attempt to log in via FTP 1000s of times until he finds a
login/password combination.

Pardon the stupid question, but I'm assuming it's necessary that you run ftpd? We block ftpd at the firewall to any machines outside the LAN. Anyone who needs FTP access uses a client that's capable of using sftp instead, and logs in with their SSH credentials.

Hmm - interesting - I just -may- be able to disable using ftpd.

But I still pose the same question - what do ftp servers do on this?
Maybe -not- have ssh login? -or- maybe not have ssh login using the
same login/password?

I'm also interested; my version of the question is probably more like,
"is anyone in their right mind running ftpd over the WAN for anything but an anonymous user"? [1]

Note that I'm _not_ trying to be critical. However, in the current state of things [2], I don't see anything involving unencrypted authentication as valid for WAN (Internet) operations.


Kevin Kinsey

[1] Granted, other strategies might work; firewalling and/or tcpwrappers might work.

[2] An interesting read - "The Internet Sucks" - http://www.macleans.ca/topstories/life/article.jsp?content=20061030_135406_135406
--
Computers will not be perfected until they can compute how much more
than the estimate the job will cost.
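
Added example, not part of the original thread: the check the thread finds missing, counting failed FTP logins per source address within a sliding time window. The log lines are constructed, and the `FTP LOGIN FAILED FROM` message wording, the year, the threshold and the window are assumptions to adjust to what your ftpd actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The message wording is an assumed ftpd syslog
# format; change FAILED_RE to match the lines your daemon really writes.
SAMPLE_LOG = """\
Nov  3 02:14:01 host ftpd[4121]: FTP LOGIN FAILED FROM 203.0.113.7, admin
Nov  3 02:14:03 host ftpd[4122]: FTP LOGIN FAILED FROM 203.0.113.7, root
Nov  3 02:14:05 host ftpd[4123]: FTP LOGIN FAILED FROM 203.0.113.7, test
Nov  3 02:14:09 host ftpd[4125]: FTP LOGIN FAILED FROM 203.0.113.7, david
Nov  3 02:20:00 host ftpd[4130]: FTP LOGIN FAILED FROM 198.51.100.4, kevin
Nov  3 02:21:10 host ftpd[4131]: FTP LOGIN FROM 198.51.100.4 as kevin
Nov  3 09:00:00 host ftpd[4200]: FTP LOGIN FAILED FROM 198.51.100.4, kevin
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sftpd\[\d+\]:\s"
    r"FTP LOGIN FAILED FROM (?P<src>[^,\s]+)"
)


def find_bruteforce_sources(log_text, threshold=4,
                            window=timedelta(minutes=5), year=2006):
    """Return {source: peak failure count inside any `window`} for every
    source whose peak reaches `threshold`. Syslog lines carry no year, so
    `year` is supplied by the caller (assumed value here)."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peak = defaultdict(int)       # source -> largest window count seen
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        stamp = " ".join(m["ts"].split())          # collapse syslog's padded day
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:                  # drop failures that aged out
            q.popleft()
        peak[m["src"]] = max(peak[m["src"]], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, count in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{src}: {count} failed FTP logins within 5 minutes")
```

The single mistyped password from 198.51.100.4 stays below the threshold, while the burst from 203.0.113.7 is reported; the resulting addresses are what a blocklist or firewall table would be fed.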