[CLUE-Tech] vsftpd question
Charles Oriez
coriez at oriez.org
Tue Jun 15 05:58:43 MDT 2004
At 12:01 PM 6/14/2004 -0400, Angelo Bertolli wrote:
>Charles Oriez wrote:
>
>>
>>I'm also open to other suggestions. I've denied access to our httpd
>>daemon for some overseas sites involved in this or other shenanigans, but
>>I assume that listing something in httpd.conf has no impact on vsftpd,
>>and vsftpd.conf doesn't seem to have a similar area for entering deny
>>instructions.
>
>
>Here are some configuration options:
>http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/s1-ftp-vsftpd-conf.html
>
>max_per_ip might help if they're trying to connect multiple times at once
>
>I say this because I'm suspecting that this is a DoS attack, not a crack
>attempt. First, there is no attempt at using a username or password, and
>second there is a known vulnerability to this in a previous version of vsftpd.
>
>Also if you're using xinetd, you might want to see if there's a way it can
>handle these particular configurations you are looking for.
>
didn't work. between 2045 and 2322 last night, 24.122.3.138 tried to
connect 3441 times.
Charles Oriez coriez at oriez.org
**
Save the hermetic seals.
More information about the clue-tech
mailing list