> >I have discovered a vulnerability, that is new to me. Denyhosts > >does not seem to notice FTP login attempts, so the cracker can > >attempt to login via FTP, 1000's of times until he finds a > >login/password combination. > > > > Pardon the stupid question, but I'm assuming it's necessary that you run > ftpd? We block ftpd at the firewall to any machines outside the LAN. > Anyone who needs FTP access uses a client that's capable of using sftp > instead, and logs in with their SSH credentials.
Hmm - interesting - I just -may- be able to disable using ftpd. But I still pose the same question - what do ftp servers do on this? Maybe -not- have ssh login? -or- maybe not have ssh login using the same login/password? _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
