[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] FTP Scans
- Subject: Re: [cobalt-security] FTP Scans
- From: "Gerald Waugh" <gerald@xxxxxxxxx>
- Date: Fri, 16 Nov 2001 22:23:50 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> I am sure most of you have already resolved most of the problems with
> domains that we all see repeated scanning IP addresses for FTP openings, but
> I thought I would post this anyway in the event it might help someone. I am
> not a security expert or an expert in Linux, so this was a concern that I
> wasn't sure how to handle. I edited the hosts.deny file as someone
> suggested, and it wasn't successful. But after some reading on the matter, I
> found the problem was simply a dot. I edited the file again, and so far the
> FTP scans have quieted significantly. The only ones I see are new domains
> not currently listed in the file. For anyone having similar problems, this
> is how my hosts.deny file now reads:
>
> ALL: .wanadoo.fr
> ALL: .t-dialin.net
>
> I didn't realize by adding the dot it denies the entire domain, which
> eliminates the need to block them by blocking large sections of IP
> addresses. This simply targets the problem domain, nothing more. While I
> imagine this is old news to most on this list, I hope it is useful to some
> of you.
>
Or you could just block ftp with
in.proftpd : .wanadoo.fr .t-dialin.net
Gerald