[CLUE-Tech] vsftpd question
Charles Oriez
coriez at oriez.org
Mon Jun 14 11:09:57 MDT 2004
At 12:01 PM 6/14/2004 -0400, Angelo Bertolli wrote:
>Charles Oriez wrote:
>
>>
>>I'm also open to other suggestions. I've denied access to our httpd
>>daemon for some overseas sites involved in this or other shenanigans, but
>>I assume that listing something in httpd.conf has no impact on vsftpd,
>>and vsftpd.conf doesn't seem to have a similar area for entering deny
>>instructions.
>
>
>Here are some configuration options:
>http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/s1-ftp-vsftpd-conf.html
>
>max_per_ip might help if they're trying to connect multiple times at once
>
>I say this because I'm suspecting that this is a DoS attack, not a crack
>attempt. First, there is no attempt at using a username or password, and
>second there is a known vulnerability to this in a previous version of vsftpd.
sounds plausible, but the connections are a few seconds apart according to
my messages log. They are also having no noticeable impact on
performance. I've added max_per_ip to my vsftpd.conf, but I am not sure
what impact it will have given the log info.
So far, no repeat performance today.
thanks for the help
Charles Oriez coriez at oriez.org
**
Save the hermetic seals.
More information about the clue-tech
mailing list