[SGVLUG] More chump stumpers
Jeff Carlson
jeff at ultimateevil.org
Mon Sep 11 17:08:49 PDT 2006
Emerson, Tom wrote:
> -- honeypot/beesting: I happened to glance over at the blinky lights
> on my switch the other night and noticed a steady rythmic flash for a
> VERY long time; started tailing various log files until I found in
> /var/log/vsftpd.log thjat someone was "brute-force" attacking my
> anonymous FTP server (oh, the irony...) then I checked back "several
> days" and saw the same pattern repeated from different IP addresses; the
> thought occurred to have the FTP server go into "tarpit" mode or else
> trigger a DDoS return attack (ping -f or similar, nothing terribly
> sophisticated) until they got the point "don't try breaking in" [of
> course, this sort of network pushing and shoving gets into legal
> potholes, and neither one is "right", etc. etc., etc.]
You might investigate configuring DenyHosts to monitor FTP traffic
instead of SSH. It's just a Python script so theoretically you could
make the changes you need yourself.
On the other hand, you can put a note in your issue file for FTP which
states you will reciprocate their testing your security by testing
theirs, with Nessus on its most aggressive settings (most likely to
crash the remote machine). Don't forget to include a thank-you for
volunteering for your services.
More information about the SGVLUG
mailing list