Hi all, I recently activated vsftpd on my server and I'm noticing statistics in the daily server report (automagically sent to root by all servers) that suggest someone's trying a dictionary attack (presumably) on my ftp server (10000+ login attempts ;-).
I just activated the 'Linux firewall' (iptables?) and used the defaults to grant a few local machines unlimited access (so I could use Samba, AppleShare and X without having to figure out which ports do what). My questions are... 1. Will the firewall provide protection against these attempts with the defaults (I'm not 100% sure how to read the defaults yet)? 2. How do I configure the firewall/vsftpd to block repeated unsuccessful attempts on the ftp server? 3. How do I find out what username/passwords they're using in their dictionary attack? (I'd like to know what is insecure) 4. Is there a GUI interface for the firewall that's intelligible (WebMin sort of allows access but you need to understand its syntax to do anything more than open up/closing ports and allowing access to certain machines). PS Is there a better ftp server to use than vsftpd? It's quick and dirty but it's not really that easily configured (I'd like to specify ftp access for only certain users, and even then only for certain directories). Thanks, Eric. _______________________________________________ yellowdog-general mailing list [email protected] http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com'
