Re: [cobalt-users] attempted slam

[Mike Vanecek <nospam99@xxxxxxxxxxxx>]

On Tue, 13 Feb 2001 06:52:41 -0500, "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
wrote:

:>Follow-up on this;
:>I've got lots of saved logs where someone from "sympatico.ca" has tried to
:>get in; plenty of entries where portsentry has dropped their ip into the
:>hosts.deny file. But each time they try, they're on a different IP, so
:>that's not helping.
:>Tonight I dropped sympatico.ca itself into the hosts.deny file. I didn't
:>know I could do it like that, was just trying on the off-chance it would
:>work. (I thought I had to have an entire IP.)
:>Hopefully it will work. Keeping my fingers crossed.

Use ipchains/ipfwadm to block out the entire block of ips 64.155.0.0/16 type
of thing. That will remove that dial-up from bothering you. If the twit is
using that isp and needs to get in, then you will be contacted.

:>
:>Is there a more secure way to transfer files?  My SSH is set up to do this
:>(thanks Zeffie!) but I don't want my clients to have to have shell access
:>and have to buy SecureCRT to do it. Putty, a great little free SSH term,
:>doesn't do file transfers.

SecureFX can be used with ssh2 and it does not require shell access. You will
need to have at least 2.3.0 installed with sftp.

:>
:>I'm gonna do a run through the archives and see if I can find anything on
:>this, or if there's a way to only allow ftp access from a user login that
:>matches a certain IP range - that way, even if someone gets a client's
:>password, they still won't be able to login unless they're coming from the
:>same town my client is (more or less). I've got a list from my logs of each
:>of the clients logging in and their ISPs, so I could do this if I could find
:>a way to do it.

You could set up your firewall to accept requests from the ip range for the
ftp ports.