[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] FTP Scans

Subject: Re: [cobalt-security] FTP Scans
From: "Gerald Waugh" <gerald@xxxxxxxxx>
Date: Fri, 16 Nov 2001 22:23:50 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> I am sure most of you have already resolved most of the problems with 
> domains that we all see repeated scanning IP addresses for FTP openings, but 
> I thought I would post this anyway in the event it might help someone. I am 
> not a security expert or an expert in Linux, so this was a concern that I 
> wasn't sure how to handle. I edited the hosts.deny file as someone 
> suggested, and it wasn't successful. But after some reading on the matter, I 
> found the problem was simply a dot. I edited the file again, and so far the 
> FTP scans have quieted significantly. The only ones I see are new domains 
> not currently listed in the file. For anyone having similar problems, this 
> is how my hosts.deny file now reads:
> 
> ALL: .wanadoo.fr
> ALL: .t-dialin.net
> 
> I didn't realize by adding the dot it denies the entire domain, which 
> eliminates the need to block them by blocking large sections of IP 
> addresses. This simply targets the problem domain, nothing more. While I 
> imagine this is old news to most on this list, I hope it is useful to some 
> of you.
>
 
Or you could just block ftp with
in.proftpd : .wanadoo.fr .t-dialin.net

Gerald

Follow-Ups:
- RE: [cobalt-security] FTP Scans
  - From: Simon Wilson

References:
- Re: [cobalt-security] FTP Scans
  - From: Ed Morgan

Prev by Date: Re: [cobalt-security] [SECURITY WARNING] All Neomail users
Next by Date: Re: [cobalt-security] FTP Scans
Previous by thread: Re: [cobalt-security] FTP Scans
Next by thread: RE: [cobalt-security] FTP Scans

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index