Date: Fri, 26 Jan 2007 15:02:37 -0500 From: Bill Moran <wmoran@collaborativefusion.com> To: David Banning <david+dated+1170267615.a090fc@skytracker.ca> Cc: questions@freebsd.org Subject: Re: thwarting repeated login attempts Message-ID: <20070126150237.e2192773.wmoran@collaborativefusion.com> In-Reply-To: <20070126182013.GA10551@skytracker.ca> References: <20070126182013.GA10551@skytracker.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to David Banning <david+dated+1170267615.a090fc@skytracker.ca>: > I have installed denyhosts from the ports to stop ssh attacks, but > I have discovered a vulnerability, that is new to me. Denyhosts > does not seem to notice FTP login attempts, so the cracker can > attempt to login via FTP, 1000's of times until he finds a > login/password combination. We refuse to run ftp because it's nearly impossible to secure. > Once he has a login/password combo, he can simple login via ssh, > (provided that user has a shell account). Yeah, that's really bad. You can end up with the same problem if you run smtp auth without tls. > Is there anyway to block multiple FTP login attempts? I'm sure there is, but why bother? It would actually be _easier_ for most crooks to simply sniff the passwords right off the wire. If you really think it's worthwhile, you can probably tweak denyhosts to properly regex the ftp logs. A better solution (assuming you can't ditch ftp, which would be the _best_ choice) would be to set up your ftpd so it has different passwords than ssh/scp. There are a number of ftp servers out there capable of this. -- Bill Moran Collaborative Fusion Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070126150237.e2192773.wmoran>