Solved

Prevent VSFTPD from looping attempts

Posted on 2006-07-04
7
Medium Priority
388 Views
Last Modified: 2008-01-09
Experts,

How can I secure my VSFTP server from looping attempts? These looping attempts cause the internet connection to lose bandwidth. They are using an unknown user/password, but I think it takes up the server's attention and causes a slow internet connection. How can I set my VSFTP to allow 3 or 10 attempts and, beyond that number of unsuccessful connections, totally block the connecting IP?

Thanks:)
0
Comment
Question by:marvelsoft
7 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 17038828
Hi,

You should use pam_abl

http://www.hexten.net/pam_abl/

Once you have installed pam_abl just edit your /etc/pam.d/vsftpd file and add:

auth        required        /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
0
 

Author Comment

by:marvelsoft
ID: 17040090
Hi xDamox,

I've encountered difficulty installing pam_abl. I'm looking for a compiled installer of pam_abl using apt-get, but I couldn't find anything. If so, is there a package in Debian for pam_abl?

My second option is using shorewall (sarge) for this. Below is my code:
====================
# Record every new connection to port 22 from eth0 in the "recent" table
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

# Drop a new connection when the source has already hit 4 or more times in
# the last 60 seconds; -I inserts at the top, so run in this order the DROP
# rule ends up above the --set rule, which is what the recent module needs
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
====================

But my problem is how can I incorporate this code in shorewall?


Thanks:)


0
 

Author Comment

by:marvelsoft
ID: 17040093
That code is for ssh. Can I do that also in vsftpd?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17041289
Hi,

What distribution are you using? Also, the iptables rules should work; just change the port to 21.
0
 

Author Comment

by:marvelsoft
ID: 17043713
Hi,

Debian Sarge; Linux 2.6.8-3-686-smp i686 GNU/Linux is the kernel version, and I'm using the apt-get method and getting files from Debian FTPs (deb http://debian.logiclinux.com/debian/ stable main).

That should be port 21 for ftp; I omitted that. What I mean is how can I incorporate this code below in shorewall?

====================
# Record every new connection to port 22 from eth0 in the "recent" table
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

# Drop a new connection when the source has already hit 4 or more times in
# the last 60 seconds; -I inserts at the top, so run in this order the DROP
# rule ends up above the --set rule, which is what the recent module needs
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
====================

Thanks :)
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17044378
Hi,

I haven't messed with shorewall, but I think you SSH into shorewall and add the rule to your INPUT rules.
0
 
LVL 18

Accepted Solution

by:
decoleur earned 375 total points
ID: 17116125
marvelsoft-

I tried pam_abl as well and had no luck getting it to work. What I have had great success with is portsentry... you can use apt-get to acquire it (I think)

Package: portsentry (1.2-10)
http://packages.debian.org/unstable/net/portsentry
Securing and Optimizing Linux: RedHat Edition - A Hands-on Guide - 14.5. PortSentry
http://www.faqs.org/docs/securing/chap14sec116.html
PortSentry and Snort Compared
http://www.linux.ie/articles/portsentryandsnortcompared.php

The only downside is that you have to un-blackhole the blocked group every once in a while.

hope this helps

-t
0
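All three approaches in this thread (pam_abl, the iptables recent module, portsentry) come down to the same mechanism: count failed logins per client address inside a time window and block the address once it passes a threshold. The following Python script is an added example written for this page, not code from any poster, from vsftpd or from any of the tools named above. It does that count in userland over vsftpd's own log format (`... [user] FAIL LOGIN: Client "a.b.c.d"`, the format assumed here), using a sliding window so that a client who mistypes a password now and then is not blocked, and renders the matching iptables DROP rule as text instead of executing it. The log lines, client addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches vsftpd's own log (vsftpd_log_file), not the wu-ftpd style xferlog.
# Assumed line shape, e.g.:
#   Tue Jul  4 10:15:10 2006 [pid 2002] [admin] FAIL LOGIN: Client "192.0.2.10"
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) '
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"'
)

# Constructed sample log: one successful login, one client hammering the
# server four times in seven seconds, one client failing four times but
# spread more than two minutes apart (a forgetful human, not a loop).
SAMPLE_LOG = """\
Tue Jul  4 10:15:01 2006 [pid 2001] [ftp] OK LOGIN: Client "198.51.100.5"
Tue Jul  4 10:15:10 2006 [pid 2002] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jul  4 10:15:12 2006 [pid 2003] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jul  4 10:15:15 2006 [pid 2004] [test] FAIL LOGIN: Client "192.0.2.10"
Tue Jul  4 10:15:17 2006 [pid 2005] [root] FAIL LOGIN: Client "192.0.2.10"
Tue Jul  4 10:15:20 2006 [pid 2006] [bob] FAIL LOGIN: Client "203.0.113.7"
Tue Jul  4 10:17:30 2006 [pid 2007] [bob] FAIL LOGIN: Client "203.0.113.7"
Tue Jul  4 10:19:40 2006 [pid 2008] [bob] FAIL LOGIN: Client "203.0.113.7"
Tue Jul  4 10:21:50 2006 [pid 2009] [bob] FAIL LOGIN: Client "203.0.113.7"
""".splitlines()


def parse_failures(lines):
    """Yield (timestamp, client_ip) for every failed-login line; skip the rest."""
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Collapse the day-padding double space ("Jul  4") before parsing.
        ts = datetime.strptime(" ".join(m.group("ts").split()),
                               "%a %b %d %H:%M:%S %Y")
        yield ts, m.group("ip")


def offenders(lines, max_attempts=3, window_seconds=60):
    """Return {ip: time the threshold was crossed} for every client with more
    than `max_attempts` failures inside any `window_seconds` sliding window.
    Defaults mirror the asker's "3 attempts, then block" wish."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    blocked = {}
    for ts, ip in parse_failures(lines):
        if ip in blocked:          # already decided; nothing more to learn
            continue
        hits = recent[ip]
        hits.append(ts)
        # Expire failures that fell out of the window (log is time-ordered).
        while hits and (ts - hits[0]).total_seconds() > window_seconds:
            hits.popleft()
        if len(hits) > max_attempts:
            blocked[ip] = ts
    return blocked


def block_commands(blocked, chain="INPUT", port=21):
    """Render, but do not run, one iptables DROP rule per offender. Port 21 is
    the ftp control port the thread settles on; the chain name is an assumption."""
    return [f"iptables -I {chain} -s {ip} -p tcp --dport {port} -j DROP"
            for ip in sorted(blocked)]


if __name__ == "__main__":
    found = offenders(SAMPLE_LOG)
    for ip, when in found.items():
        print(f"{ip} crossed the limit at {when:%Y-%m-%d %H:%M:%S}")
    for cmd in block_commands(found):
        print(cmd)
```

With the defaults only 192.0.2.10 is reported (four failures in seven seconds); 203.0.113.7 never has more than one failure inside any 60-second window, so the sliding window keeps it off the list. Raising `max_attempts` to 10, as the asker also considers, reports nobody on this sample. The script reads a finished log; to run it continuously you would tail the live log and apply the rendered rules with the same care the thread already notes for portsentry, that is, expiring the blocks again after a while.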
