[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] ftp-scans (was: Sendmail attacks)
- Subject: RE: [cobalt-security] ftp-scans (was: Sendmail attacks)
- From: "Chad" <netsecure@xxxxxxxxxxxx>
- Date: Thu, 6 Nov 2003 15:59:16 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Could a viable solution for these scans be to just deny ftp access for
admin? I know in our case we never have anyone using admin to ftp. I'm
not sure how to deny ftp access for the admin account though.
Chad Eldridge
Swifttel Communications
Cybersouth Networks
chad@xxxxxxxxxxxxxx
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Michael
Stauber
Sent: Thursday, November 06, 2003 2:40 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] ftp-scans (was: Sendmail attacks)
> - build a website to which your customers can log on (use ssl)
> - in this site give them a button to a script that adds their ip to a
> special ipchains chain that grands them access to ftp (takes some
suid-ing,
> you could even use the cobalt admin server......)
> - flush this chain every night at say 5am
Yeah, that is a good idea.
I think I year ago I wrote a small extension to the existing
POP-before-SMTP
which basically extended its functionality to POP-before-FTP, too. It
dynamically queried the POP-before-SMTP database of IPs every 5 minutes
and
then allowed FTP for these IPs for the next 30 minutes.
But that's still not a really satisfying solution due to the extra
overhead -
both technically and also from a support point of view.
--
With best regards,
Michael Stauber
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security