On 29/08/06, Peter-Paul <[EMAIL PROTECTED]> wrote:
> Christopher Murtagh wrote:
>
> >On 8/28/06, Eric Dunbar <[EMAIL PROTECTED]> wrote:
> >
> >>I recently activated vsftpd on my server and I'm noticing statistics
> >>in the daily server report (automagically sent to root by all servers)
> >>that suggest someone's trying a dictionary attack (presumably) on my
> >>ftp server (10000+ login attempts ;-).
> >
> >Welcome to the world of having a publicly facing machine. :-(
> >You'll probably get piles of ssh attempts too, and lots of other
> >things, many of which aren't even Linux related.
> >
> >>1. Will the firewall provide protection against these attempts with
> >>the defaults (I'm not 100% sure how to read the defaults yet)?
> >
> >If you don't allow external ftp, your firewall will help, but nothing
> >is 100%. However, the firewall won't help if you need to keep port 21
> >open to the public.
>
> I noticed that vsftpd uses TCP Wrappers. So you could place the
> suspected IPs in the /etc/hosts.deny. Or maybe even better: (if
> possible) Place the legitimate IPs in the /etc/hosts.allow and block the rest.
>
> Surely this is something different than firewall-rules, but it's a start.
> http://linuxhelp.blogspot.com/2005/10/using-tcp-wrappers-to-secure-linux.html
>
> BTW: If you're familiar with scripting, the hosts.allow/deny files are
> wonderful to secure your system, since you don't need to restart your
> vsftpd or sshd. (BTW: Apache does not support TCP Wrappers)
>
> I'm planning to create a Perl script that actively monitors my logs and
> dynamically adjusts the /etc/hosts.deny/allow files to automatically secure
> my system.
> If you're interested, you're invited/welcome to use it! :)

Thanks for the URL -- I will implement that solution (but, I'd also
like to know how to get iptables to do it too ;-).

As for the perl script, if and when you finish it, feel free to send
it along ;-) (or post it here). I wouldn't mind seeing it.

Eric.
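
The log-watching idea discussed in this thread, as an added example that is not part of the original messages and is not Peter-Paul's script (it is written in Python rather than Perl). It assumes vsftpd's native log line shape shown in the comment; the function names, threshold and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed vsftpd.log line shape (vsftpd's own format, not xferlog):
#   Mon Aug 28 03:12:45 2006 [pid 4211] [admin] FAIL LOGIN: Client "203.0.113.7"
# Anchored at end of line so text in the user field cannot be mistaken
# for the client address.
FAIL_RE = re.compile(r'FAIL LOGIN: Client "([^"]+)"\s*$')

def failed_logins(lines):
    """Count failed logins per IPv4 client; skip anything that is not an address."""
    counts = Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.IPv4Address(m.group(1))] += 1
        except ValueError:
            continue  # never write unvalidated log text into hosts.deny
    return counts

def deny_entries(lines, threshold=5, allow=(), already_denied=()):
    """Return new /etc/hosts.deny lines for clients at or over the threshold."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    existing = set(already_denied)
    entries = []
    for addr, count in sorted(failed_logins(lines).items()):
        if count < threshold:
            continue
        if any(addr in net for net in allow_nets):
            continue  # never lock out the legitimate networks
        entry = f"vsftpd: {addr}"
        if entry not in existing:
            entries.append(entry)
    return entries

def _line(user, ip, ok=False):
    status = "OK LOGIN" if ok else "FAIL LOGIN"
    return f'Mon Aug 28 03:12:45 2006 [pid 4211] [{user}] {status}: Client "{ip}"'

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = (
    [_line("admin", "203.0.113.7")] * 6
    + [_line("eric", "192.0.2.10")] * 7
    + [_line("test", "198.51.100.4")] * 2
    + [_line("eric", "192.0.2.10", ok=True), _line("x", "not-an-ip")]
)

if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG, allow=["192.0.2.0/24"]):
        print(entry)
```

The returned lines are meant to be appended to /etc/hosts.deny; as noted in the thread, TCP Wrappers picks up the change without restarting vsftpd.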
