Le Vendredi 26 Janvier 2007 15:50, Kevin Kinsey a écrit : > David Banning wrote: > >>> I have discovered a vulnerability, that is new to me. Denyhosts > >>> does not seem to notice FTP login attempts, so the cracker can > >>> attempt to login via FTP, 1000's of times until he finds a > >>> login/password combination. > >> > >> Pardon the stupid question, but I'm assuming it's necessary that > >> you run ftpd? We block ftpd at the firewall to any machines > >> outside the LAN. Anyone who needs FTP access uses a client that's > >> capable of using sftp instead, and logs in with their SSH > >> credentials. > > > > Hmm - interesting - I just -may- be able to disable using ftpd. > > > > But I still pose the same question - what do ftp servers do on > > this? Maybe -not- have ssh login? -or- maybe not have ssh login > > using the same login/password? > > I'm also interested; my version of the question is probably more > like, "is anyone in their right mind running ftpd over the WAN for > anything but an anonymous user"? [1]
You can run OpenBSD's pf in combination with authpf. This mechanism will alter firewall rules based on successful SSH logins. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"