[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] FTP Scans
- Subject: Re: [cobalt-security] FTP Scans
- From: "Ed Morgan" <excalde@xxxxxxx>
- Date: Fri, 16 Nov 2001 16:55:01 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I am sure most of you have already resolved most of the problems with
domains that we all see repeated scanning IP addresses for FTP openings, but
I thought I would post this anyway in the event it might help someone. I am
not a security expert or an expert in Linux, so this was a concern that I
wasn't sure how to handle. I edited the hosts.deny file as someone
suggested, and it wasn't successful. But after some reading on the matter, I
found the problem was simply a dot. I edited the file again, and so far the
FTP scans have quieted significantly. The only ones I see are new domains
not currently listed in the file. For anyone having similar problems, this
is how my hosts.deny file now reads:
ALL: .wanadoo.fr
ALL: .t-dialin.net
I didn't realize by adding the dot it denies the entire domain, which
eliminates the need to block them by blocking large sections of IP
addresses. This simply targets the problem domain, nothing more. While I
imagine this is old news to most on this list, I hope it is useful to some
of you.
Regards,
Ed
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp