
List:       openbsd-tech
Subject:    Re: propossed ftpd patch to modify -A operation on invalid userids
From:       "Todd C. Miller" <Todd.Miller () courtesan ! com>
Date:       2008-09-22 18:00:47
Message-ID: 200809221800.m8MI0lrP016370 () core ! courtesan ! com

In message <20080919211020.GA24545@jggimi.homeip.net>
	so spake Josh Grosse (josh):

> I dislike script kiddies that attack "User Administrator" or "User root" 
> or "User test" in endless loops because their scripts do not understand 
> ftpd's 530 response:   
> 
>      Sorry, only anonymous ftp allowed.
> 
> Their scripts result in continuous connections and bandwidth use; plus,
> they fill up /var/log/xferlog with their excrement when -ll is used.  
> 
> As they only have a single state, stateful tracking options in PF cannot 
> be used to control them.
> 
> This simple patch adds an end_login(); so that their clients get
> disconnected.
> If their scripts reconnect, then I can control behaviour via stateful 
> tracking options.

I wonder if it wouldn't be better to simply include "access denied"
in the 530 response.  I don't particularly like that solution either,
though.

 - todd
