I am sure most of you have already resolved most of the problems with domains that we all see repeated scanning IP addresses for FTP openings, but I thought I would post this anyway in the event it might help someone. I am not a security expert or an expert in Linux, so this was a concern that I wasn't sure how to handle. I edited the hosts.deny file as someone suggested, and it wasn't successful. But after some reading on the matter, I found the problem was simply a dot. I edited the file again, and so far the FTP scans have quieted significantly. The only ones I see are new domains not currently listed in the file. For anyone having similar problems, this is how my hosts.deny file now reads:
ALL: .wanadoo.fr ALL: .t-dialin.net I didn't realize by adding the dot it denies the entire domain, which eliminates the need to block them by blocking large sections of IP addresses. This simply targets the problem domain, nothing more. While I imagine this is old news to most on this list, I hope it is useful to some of you. Regards, Ed _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
