Re: FTP servers that ban abusers?
Hmm, seems the list has lost my earlier mail, second try. Sorry for possible
double posts.
On Monday 30 June 2003 17:22, Andrew Sayers wrote:
> Ideally. whenever someone tries to FTP in as root, ftp, backup, or some
> other administrative account, I'd like iptables to DROP further incoming
> FTP traffic from that address, and an e-mail to be sent automatically to
> me and their network's administrator. Blocking FTP traffic immediately
> has the added benefit that they won't receive a "login refused" message,
> which might slow down any scanning attempts.
Well, IMHO this isn't job of the FTP daemon, it's the job of a log monitoring
program. You can use logsurfer to monitor your logfiles in realtime and run a
programm if an "attack" happens.
http://www.cert.dfn.de/eng/logsurf/
seems that there are no debian packages at the moment, but it's easy to
compile.
> - Andrew
best regards,
Jens
Reply to: