Could a viable solution for these scans be to just deny ftp access for admin? I know in our case we never have anyone using admin to ftp. I'm not sure how to deny ftp access for the admin account though.
Chad Eldridge
Swifttel Communications
Cybersouth Networks
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Stauber
Sent: Thursday, November 06, 2003 2:40 PM
To: [EMAIL PROTECTED]
Subject: Re: [cobalt-security] ftp-scans (was: Sendmail attacks)

> - build a website to which your customers can log on (use ssl)
> - in this site give them a button to a script that adds their ip to a
> special ipchains chain that grants them access to ftp (takes some suid-ing,
> you could even use the cobalt admin server......)
> - flush this chain every night at say 5am

Yeah, that is a good idea. I think a year ago I wrote a small extension to the existing POP-before-SMTP which basically extended its functionality to POP-before-FTP, too. It dynamically queried the POP-before-SMTP database of IPs every 5 minutes and then allowed FTP for these IPs for the next 30 minutes.

But that's still not a really satisfying solution due to the extra overhead - both technically and also from a support point of view.

--
With best regards,
Michael Stauber

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
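
The time-limited allowlist discussed in this thread (POP logins granting FTP for 30 minutes, rebuilt into a dedicated ipchains chain), as an added example that is not Michael Stauber's extension and not part of the original messages. The record format `(ip, login_epoch)`, the chain name `ftp-allow`, and the rule layout are assumptions.

```python
import ipaddress

FTP_TTL = 30 * 60     # seconds of FTP access after a POP login (30 minutes, per the post)
CHAIN = "ftp-allow"   # hypothetical name of the dedicated ipchains chain


def active_ips(records, now, ttl=FTP_TTL):
    """Return the sorted IPv4 addresses whose last POP login is younger than ttl.

    records: iterable of (ip_text, login_epoch) pairs (assumed format).
    """
    allowed = set()
    for ip_text, login_epoch in records:
        try:
            ip = ipaddress.IPv4Address(ip_text.strip())
        except ValueError:
            continue  # malformed entry: never let it reach a root-run firewall command
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            continue  # addresses that should never earn a remote-access grant
        if 0 <= now - login_epoch < ttl:  # rejects expired and future-dated entries
            allowed.add(ip)
    return sorted(allowed)


def render_rules(ips, chain=CHAIN):
    """Build the command list that rebuilds the chain from scratch."""
    rules = [f"ipchains -F {chain}"]  # flushing first is what expires old grants
    for ip in ips:
        rules.append(f"ipchains -A {chain} -p tcp -s {ip} -d 0.0.0.0/0 21 -j ACCEPT")
    rules.append(f"ipchains -A {chain} -p tcp -d 0.0.0.0/0 21 -j DENY")  # default: no FTP
    return rules


# Constructed sample data (documentation address ranges), not taken from the thread.
NOW = 1_000_000
SAMPLE = [
    ("192.0.2.10", NOW - 60),                # recent login: allowed
    ("192.0.2.11", NOW - 1801),              # just past 30 minutes: expired
    ("192.0.2.10", NOW - 1700),              # duplicate of an allowed address
    ("198.51.100.7; -j ACCEPT", NOW - 10),   # malformed text: skipped
    ("198.51.100.7", NOW - 1799),            # one second inside the window: allowed
    ("127.0.0.1", NOW - 5),                  # loopback: skipped
    ("203.0.113.9", NOW + 500),              # timestamp in the future: skipped
]

if __name__ == "__main__":
    for line in render_rules(active_ips(SAMPLE, NOW)):
        print(line)
```

Run from cron every 5 minutes, as in the post, the rebuild both adds new logins and drops expired ones; the window between the flush and the re-added rules follows whatever the calling chain does with unmatched FTP packets.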
