Re: FTP servers that ban abusers?

To: debian-security@lists.debian.org
Subject: Re: FTP servers that ban abusers?
From: Jens Gutzeit <jens@freebsdforum.de>
Date: Tue, 1 Jul 2003 03:18:42 +0200
Message-id: <[🔎] 200307010318.42857.jens@freebsdforum.de>
In-reply-to: <20030630152218.GA920@ccl.bham.ac.uk>
References: <20030630152218.GA920@ccl.bham.ac.uk>

Hmm, seems the list has lost my earlier mail, second try. Sorry for possible 
double posts.

On Monday 30 June 2003 17:22, Andrew Sayers wrote:

> Ideally. whenever someone tries to FTP in as root, ftp, backup, or some
> other administrative account, I'd like iptables to DROP further incoming
> FTP traffic from that address, and an e-mail to be sent automatically to
> me and their network's administrator.  Blocking FTP traffic immediately
> has the added benefit that they won't receive a "login refused" message,
> which might slow down any scanning attempts.

Well, IMHO this isn't job of the FTP daemon, it's the job of a log monitoring 
program. You can use logsurfer to monitor your logfiles in realtime and run a 
programm if an "attack" happens.

http://www.cert.dfn.de/eng/logsurf/

seems that there are no debian packages at the moment, but it's easy to 
compile.

> 	- Andrew

best regards,
Jens

Reply to:

Prev by Date: Re: OT: An Idea for an IDS
Next by Date: Re: Why is proftpd always started when one update it?
Previous by thread: Re: OT: An Idea for an IDS
Next by thread: Re: samba woody
Index(es):
- Date
- Thread