LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-23-2005, 01:25 PM   #1
t3___
Member
 
Registered: Sep 2003
Posts: 240

Rep: Reputation: 30
How to ban IP addresses SUSE/VSFTPD


We are running a Suse 9.1 box with the current version of VSFTPD. The box only runs ftp services, and acts as a "swap space" between our customers and employees (requires authentication).

On occasion, rouge hosts on the Internet will attempt to login to the ftp service using dozens of typical account names (admin, root, backup, oracle, etc) and (what I'm assuming is) dictionary passwords (automatic hacking program). The attackers IP address gets logged in the vsftpd.log file.

I would like to implement IP bans on these hosts as they seem to come back and attempt port scans and other exploits after they realize we are running ftp services. What is the best way to go about this?

Any information would be greatly appreciated!

Tom
 
Old 05-23-2005, 01:36 PM   #2
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440

Rep: Reputation: 52
Use iptables and drop the ip's.

-twantrd
 
Old 05-23-2005, 01:53 PM   #3
t3___
Member
 
Registered: Sep 2003
Posts: 240

Original Poster
Rep: Reputation: 30
the server is already behind a firewall... would it make more sense to just issue the bans on the gnatbox/firewall?
 
Old 05-23-2005, 04:14 PM   #4
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Yes, if you have a firewall outside of your ftp box, that would be the place to block the bad IP.

Peace,
JimBass
 
Old 05-23-2005, 06:51 PM   #5
stakhous
Member
 
Registered: May 2003
Location: PA
Posts: 82

Rep: Reputation: 15
I thought there was a file called "ftpaccess" where you could specify trusted/nontrusted IP's.

My 2 cents.
 
Old 05-23-2005, 07:58 PM   #6
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440

Rep: Reputation: 52
Quote:
I thought there was a file called "ftpaccess" where you could specify trusted/nontrusted IP's.
That's not an option in vsftpd. Well, I don't see where it is for my vsftpd.conf.

-twantrd
 
Old 05-23-2005, 08:05 PM   #7
t3___
Member
 
Registered: Sep 2003
Posts: 240

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by stakhous
I thought there was a file called "ftpaccess" where you could specify trusted/nontrusted IP's.

My 2 cents.
I was hoping there was a quick and dirty "deny" list or something, but as the other poster indicated, there doesnt seem to be a VSFTPD option...

Thanks for the help guys!
 
Old 05-23-2005, 09:32 PM   #8
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
What about
/etc/hosts.allow
/etc/hosts.deny
?


Cheers,
Tink
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SUSE: mind bogging addresses grautu SUSE / openSUSE 1 10-06-2005 10:33 AM
Suse 9.0 Pro Firewall not allowing multiple IP addresses youcanlaugh Linux - Networking 1 06-29-2004 06:11 PM
vsftpd ban IP dsgdevil Linux - Software 5 06-02-2004 12:44 AM
iptables ban rule hypton Linux - Networking 1 03-09-2004 11:42 PM
(Using Apache) How to IP ban? Onox Linux - Software 1 07-02-2003 06:05 PM


All times are GMT -5. The time now is 12:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration