Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi, I run my own ftp server with vsftpd with slackware 10.0. Anyways I am currently having problems with users using the syst command to find out which OS I am running. The output of the syst command is:
Quote:
215 UNIX Type: L8
Can someone please tell me how I can disable the syst command in slackware 10.0? so users who connect to my ftp server cannot use this command?
thanks in advance
Heres a log from my packet sniffer, as you can see someone is really hammering my machine....anyone have any ideas what this person is trying to do exactly:
ok then in that case I won't disable syst if it hurts some ftp clients... but what do you guys think about my log above? I tried blocking the IP in /etc/hosts.deny but he's still hammering me....
thanks for helping me by the way
how can I stop 83.102.151.131 from abusing the server(as you can see in my log above) any ideas?
I've disabled ssh and have a firewall im really interested to know what this "CHECKSUM INCORRECT" means
I guess i'm paranoid this guy is trying to hack me(and I think he is) this is all going on right now as I type this
Hi again. It appears it you can disable SYST. I've just had a play around with my own server, and my commands config now reads:
cmds_allowed=QUIT,LIST,PASV,RETR,CWD,STOR,TYPE,PWD,SIZE,PORT,NLST
The previous one broke Internet Explorer and the Windows ftp client. Oops.
As for your log, it appears to be your machine which is generating broken packets, not the remote machine.
Yes this is a anonymous only FTP server. I recently had to take all my mp3 files of my FTP due to certain reason's.... actually I did so just today. So thats probably why he's changing to directorys that don't exist. Glad to hear I don't have to worry but at the same time this experience has made me up my firewall policies and my awareness which I guess is a good thing. I guess im just paranoid thanks again ilikejam
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.