host.deny question

[gaf at blu.org (Jerry Feldman)]

First, my thoughts are why do you have ftp open in the first place? Ftp is a very large security 
hole. John and I had ftp open last year on Tarnhelm. One of the common attacks is for someone 
to come in anonymously and siomply fill up the file system with garbage. I strongly suggest that 
you not run an ftp (or telnet) server unless you have no other choice. 

You should be able to use ipchains or iptables to block that ip address. Also, you can use the 
/etc/hosts_deny file if you wish to continue using and ftp server. 
On 16 Jan 2002 at 10:58, Phil Buckley wrote:

> I have been getting messages logged about once a week from someone trying to open an anon ftp session on my redhat 7.1 system from France. Since I don't know who they are, I would like to put their domain in my host.deny file rather then just their dial-up IP address each time (which psionic 
does automagically for me). Here's a snippet of the last alert:
> 
> Jan 16 08:45:40 water ftpd[26918]: FTP LOGIN REFUSED (anonymous ftp denied on default server) FROM AMontsouris-103-1-5-65.abo.wanadoo.fr [80.14.150.65], anonymous
> 
> 
> So just wanted to see if my syntax is correct...
> ALL: abo.wanadoo.fr
> 
> Will that keep anyone from trying to connect from that ISP?
> 
> Phil
> 
> 
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss

Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org