
RE: [cobalt-security] ftp-scans (was: Sendmail attacks)



> OTOH in regards to attacks: In the last couple of days I've heard from
> multiple people (and had to endure these scans myself) that there are
> currently tons of automated scans against FTP - with the username admin.
> These scans seem to be automated and appear to go to multiple IP-addresses in
> the same subnet at the same time.
>
> So a quick reminder to all with easy to guess or dictionary based admin
> passwords: Change your admin password to something at least 8 characters
> long, mix upper case and lower case and throw in some letters and special
> characters.

Or do as I did: 

- block ftp using ipchains
- build a website to which your customers can log on (use ssl)
- in this site give them a button to a script that adds their ip to a
special ipchains chain that grants them access to ftp (takes some suid-ing,
you could even use the cobalt admin server......)
- flush this chain every night at say 5am

So you and your users can use ftp, no scanners even get to the service, and you
can log who asked for access from which machine.

Even changing the ftp-port helps against scans like these (but not against
other attacks or customers phoning you all the time).

Jelmer
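
The setup described in the message above, sketched as an added example (not part of the original post and not its author's script). The chain name `ftpok`, the `--cgi` switch and the `ftpgate` log tag are assumptions. The helper takes the address from the web server's `REMOTE_ADDR` rather than from a form field, and validates it strictly before it reaches a privileged `ipchains` call.

```shell
#!/bin/sh
# Added example: privileged helper behind the SSL-protected "open FTP" button.
# Assumptions (not from the post): chain name "ftpok", CGI invocation with
# REMOTE_ADDR set by the web server, one-time setup and cron entry as below.
#   ipchains -N ftpok
#   ipchains -A input -p tcp -d 0.0.0.0/0 21 -j ftpok
#   ipchains -A input -p tcp -d 0.0.0.0/0 21 -l -j DENY
#   0 5 * * * /sbin/ipchains -F ftpok      # root crontab: nightly flush

CHAIN=ftpok   # ipchains chain names are limited to 8 characters

# Return 0 only for a strict dotted-quad IPv4 address (no leading zeros).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule that admits one client; fail on anything else.
allow_rule() {
    valid_ipv4 "$1" || return 1
    printf 'ipchains -A %s -s %s/32 -j ACCEPT\n' "$CHAIN" "$1"
}

# CGI entry point: "--cgi" applies the rule for the caller's own address only.
if [ "${1:-}" = "--cgi" ]; then
    printf 'Content-Type: text/plain\r\n\r\n'
    if rule=$(allow_rule "${REMOTE_ADDR:-}"); then
        # Record who asked for access and from which machine.
        logger -t ftpgate "open ftp for $REMOTE_ADDR user=${REMOTE_USER:-unknown}"
        # Word-splitting $rule is safe here: it holds only validated characters.
        $rule && echo "FTP opened for $REMOTE_ADDR until 05:00"
    else
        logger -t ftpgate "refused request, bad client address"
        echo "request refused"
    fi
fi
```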