thwarting repeated login attempts
David Banning
david+dated+1170271216.110843 at skytracker.ca
Fri Jan 26 19:52:15 UTC 2007
> >I have discovered a vulnerability, that is new to me. Denyhosts
> >does not seem to notice FTP login attempts, so the cracker can
> >attempt to login via FTP, 1000's of times until he finds a
> >login/password combination.
> >
>
> Pardon the stupid question, but I'm assuming it's necessary that you run
> ftpd? We block ftpd at the firewall to any machines outside the LAN.
> Anyone who needs FTP access uses a client that's capable of using sftp
> instead, and logs in with their SSH credentials.
Hmm - interesting - I just -may- be able to disable using ftpd.
But I still pose the same question - what do ftp servers do on this?
Maybe -not- have ssh login? -or- maybe not have ssh login using the
same login/password?
More information about the freebsd-questions
mailing list