thwarting repeated login attempts

Peter Matulis pmatulis at sympatico.ca
Fri Jan 26 22:06:48 UTC 2007


On Friday, 26 January 2007 15:50, Kevin Kinsey wrote:
> David Banning wrote:
> >>> I have discovered a vulnerability that is new to me. Denyhosts
> >>> does not seem to notice FTP login attempts, so the cracker can
> >>> attempt to log in via FTP thousands of times until he finds a
> >>> login/password combination.
> >>
> >> Pardon the stupid question, but I'm assuming it's necessary that
> >> you run ftpd?  We block ftpd at the firewall to any machines
> >> outside the LAN. Anyone who needs FTP access uses a client that's
> >> capable of using sftp instead, and logs in with their SSH
> >> credentials.
> >
> > Hmm - interesting - I just -may- be able to disable using ftpd.
> >
> > But I still pose the same question - what do ftp servers do on
> > this? Maybe -not- have ssh login? -or- maybe not have ssh login
> > using the same login/password?
>
> I'm also interested; my version of the question is probably more
> like, "is anyone in their right mind running ftpd over the WAN for
> anything but an anonymous user"? [1]

You can run OpenBSD's pf in combination with authpf.  This mechanism 
will alter firewall rules based on successful SSH logins.
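As an added illustration of how pf and authpf fit the FTP problem in this thread (this is a constructed example, not part of Peter's message or of the OpenBSD/FreeBSD documentation): ftpd stays unreachable from the WAN until the client has logged in over SSH, at which point authpf adds the client address to the <authpf_users> table and loads the per-user rules from authpf.rules into the authpf anchor. The interface name em0, the user name ftpuser and the passive FTP port range are assumptions; adjust them to the host.

```pf
# --- /etc/pf.conf (constructed example) -------------------------------
# Assumption: em0 is the external interface and sshd/ftpd run on this host.
ext_if = "em0"

# authpf adds the address of each authenticated SSH user to this table when
# the session starts and removes it again when the session ends.
table <authpf_users> persist
# Sources that hammer sshd are parked here by the overload rule below.
table <bruteforce> persist

set skip on lo0

# Translation anchors that authpf fills per user (authpf/<user>(<pid>)).
nat-anchor   "authpf/*"
rdr-anchor   "authpf/*"
binat-anchor "authpf/*"

block in log on $ext_if all
block in quick on $ext_if from <bruteforce>

# Before authentication only SSH is reachable.  A source opening more than
# 5 connections in 30 seconds lands in <bruteforce> and its states are flushed.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# The FTP control channel is accepted only from addresses that currently hold
# an authpf session; an anonymous WAN host never reaches ftpd at all.
pass in on $ext_if proto tcp from <authpf_users> to ($ext_if) port ftp \
    flags S/SA keep state

pass out on $ext_if keep state

# Per-user rules loaded by authpf are evaluated here, after the default block,
# so a later pass in the anchor is not overridden by "block in ... all" above.
anchor "authpf/*"

# --- /etc/authpf/authpf.rules (constructed example) -------------------
# Loaded by authpf into the user's anchor after a successful SSH login.
# $user_ip and $user_id are defined by authpf; pf.conf macros are not
# visible here, so ext_if has to be defined again.
ext_if = "em0"
# Passive-mode data connections, assuming ftpd hands out ports 49152-65535.
pass in on $ext_if proto tcp from $user_ip to ($ext_if) port 49152:65535 \
    flags S/SA keep state

# Setup steps (run as root):
#   echo /usr/sbin/authpf >> /etc/shells
#   touch /etc/authpf/authpf.conf        # must exist, even if empty
#   pw usermod ftpuser -s /usr/sbin/authpf
#   pfctl -nf /etc/pf.conf               # syntax check before loading
#   pfctl -f /etc/pf.conf
#   pfctl -t authpf_users -T show        # lists who is currently logged in
```

Note that this does not stop password guessing against the SSH login itself; it only moves the exposed surface from ftpd to sshd, where the overload table above slows a brute-forcer down and where key-based authentication can be enforced.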


More information about the freebsd-questions mailing list