From owner-freebsd-questions@FreeBSD.ORG Fri Jan 26 19:52:15 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C34C716A402 for ; Fri, 26 Jan 2007 19:52:15 +0000 (UTC) (envelope-from david+dated+1170271216.110843@skytracker.ca) Received: from 3s1.com (3s1.com [209.161.205.12]) by mx1.freebsd.org (Postfix) with ESMTP id 77E7A13C46E for ; Fri, 26 Jan 2007 19:52:15 +0000 (UTC) (envelope-from david+dated+1170271216.110843@skytracker.ca) Received: from 3s1.com (localhost [127.0.0.1]) by 3s1.com (8.13.6/8.13.6) with ESMTP id l0QJKGal032376 for ; Fri, 26 Jan 2007 14:20:16 -0500 (EST) (envelope-from david+dated+1170271216.110843@skytracker.ca) Received: (from david@localhost) by 3s1.com (8.13.6/8.13.6/Submit) id l0QJKGjI032375 for questions@freebsd.org; Fri, 26 Jan 2007 14:20:16 -0500 (EST) (envelope-from david+dated+1170271216.110843@skytracker.ca) X-Authentication-Warning: 3s1.com: david set sender to david+dated+1170271216.110843@skytracker.ca using -f Received: by 3s1.com (tmda-sendmail, from uid 1000); Fri, 26 Jan 2007 14:20:15 -0500 Date: Fri, 26 Jan 2007 14:20:14 -0500 To: Kevin Kinsey , questions@freebsd.org Message-ID: <20070126192012.GA30551@skytracker.ca> References: <20070126182013.GA10551@skytracker.ca> <45BA516A.7070402@daleco.biz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <45BA516A.7070402@daleco.biz> User-Agent: Mutt/1.4.2.1i X-Delivery-Agent: TMDA/1.1.5 (Fettercairn) From: David Banning X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on 3s1.com X-Virus-Status: Clean Cc: Subject: Re: thwarting repeated login attempts X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jan 2007 19:52:15 -0000 > >I have discovered a vulnerability, that is new to me. Denyhosts > >does not seem to notice FTP login attempts, so the cracker can > >attempt to login via FTP, 1000's of times until he finds a > >login/password combination. > > > > Pardon the stupid question, but I'm assuming it's necessary that you run > ftpd? We block ftpd at the firewall to any machines outside the LAN. > Anyone who needs FTP access uses a client that's capable of using sftp > instead, and logs in with their SSH credentials. Hmm - interesting - I just -may- be able to disable using ftpd. But I still pose the same question - what do ftp servers do on this? Maybe -not- have ssh login? -or- maybe not have ssh login using the same login/password?