thwarting repeated login attempts

David Banning david+dated+1170271216.110843 at
Fri Jan 26 19:52:15 UTC 2007

> >I have discovered a vulnerability, that is new to me. Denyhosts
> >does not seem to notice FTP login attempts, so the cracker can
> >attempt to login via FTP, 1000's of times until he finds a
> >login/password combination.
> >
> Pardon the stupid question, but I'm assuming it's necessary that you run 
> ftpd?  We block ftpd at the firewall to any machines outside the LAN. 
> Anyone who needs FTP access uses a client that's capable of using sftp 
> instead, and logs in with their SSH credentials.

Hmm - interesting - I just -may- be able to disable using ftpd.

But I still pose the same question - what do ftp servers do on this?
Maybe -not- have ssh login? -or- maybe not have ssh login using the
same login/password?

More information about the freebsd-questions mailing list