Le Vendredi 26 Janvier 2007 15:50, Kevin Kinsey a écrit :
> David Banning wrote:
> >>> I have discovered a vulnerability, that is new to me. Denyhosts
> >>> does not seem to notice FTP login attempts, so the cracker can
> >>> attempt to login via FTP, 1000's of times until he finds a
> >>> login/password combination.
> >>
> >> Pardon the stupid question, but I'm assuming it's necessary that
> >> you run ftpd?  We block ftpd at the firewall to any machines
> >> outside the LAN. Anyone who needs FTP access uses a client that's
> >> capable of using sftp instead, and logs in with their SSH
> >> credentials.
> >
> > Hmm - interesting - I just -may- be able to disable using ftpd.
> >
> > But I still pose the same question - what do ftp servers do on
> > this? Maybe -not- have ssh login? -or- maybe not have ssh login
> > using the same login/password?
> I'm also interested; my version of the question is probably more
> like, "is anyone in their right mind running ftpd over the WAN for
> anything but an anonymous user"? [1]

You can run OpenBSD's pf in combination with authpf.  This mechanism 
will alter firewall rules based on successful SSH logins.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to