[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] OT?-Locking Out FTP Guackers
- Subject: Re: [cobalt-users] OT?-Locking Out FTP Guackers
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun Sep 22 08:06:02 2002
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Sunday 22 September 2002 10:33, Dave Thurman (Mailing List Email) wrote:
> We are running the Security programs that Gerald has posted on his site(Yea
> Gerald!) and it seems to be doing it's job quite well. We noticed that we
> had some anonymous FTP attempt last nigh, well all the time. Will
> portsentry lock them out with a few added commands, or would this lock out
> users that have maybe attempted with wrong credentials. Is the best way to
> look at the logs and place them manually in the hosts.deny files??
Unless they are continually scanning all your IP addresses, don't worry about
them (you do have the FTP updates) else they are looking for old FTP servers
that they can exploit. (if they are really being a pest, use ipchains
/sbin/ipchains -I input -s ip.ad.re.ss -j DENY
This will block them until the next time you restart ipchains (pmfirewall) or
reboot. or issue /sbin/ipchains -D input -s ip.ad.re.ss -j DENY (Delete)
Or
/sbin/route add -host ip.ad.re.ss reject
Will keep them away until you delete the route or reboot.
/sbin/route del -host ip.ad.re.ss reject
Gerald
--
http://frontstreetnetworks.com http://raqware.com
Front Street Networks LLC | Phone: 203-785-0699
229 Front Street, Ste C, New Haven, CT 06513-3203