Thread: Ftp

  1. #1

    Ftp

    Hi!

    I have an ISP server that I, of course, would like to keep
    safe. I know that my password can be sniffed with some kind
    of password, brute force thing, but how do the hackers trigger
    this at a server and how do I prevent it?


  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    276
    You can prevent brute force intrusions by disabling the ftp account after x times of wrong password given. (3 is a good number)
    But first you can get familiar with different buzz words by reading a bit here http://www.antionline.com/jargon/
    take a look at sniffing and brute force
    Dear Santa, I liked the mp3 player I got but next christmas I want a SA-7 surface to air missile

  3. #3
    and also use difficult to crack passwords

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    yeah... I have to agree with these guys... some of your best bets are to monitor the ftp things and use alpha-numeric passwords. also I would make sure to keep an eye on who is trying to connect.... and notice who is making lots of attempts and failing.... stuff like that.

  5. #5
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164

    Just to add more to what these guys mentioned (as they know what they're talking about). In this, I'm using Red Hat 7.1
    as an example.

    1: make sure all system accounts are in /etc/ftpusers. This will ensure nobody can ftp in as a system account.
    2: in /etc/ftpaccess, make sure loginfails is set to something mentioned above, like 3. This ensures immediate disconnect
    when they fail the 3rd time. Not to mention, it's logged.
    3: Also, point the 'message' towards a home-grown file stating that only authorized access (permissible accounts that are valid) is allowed. This ensures that if something *does* happen, you have valid proof if you press charges that you had a warning up front. I suggest changing /etc/rc.d/rc.sysinit as well to make sure /etc/issue and /etc/issue.net have stuff that's shown on telnet.
    4: Make sure anonymous ftp is very secure.
    5: Make sure users have passwords 6-8 characters in length, varying from a-z, A-Z, 0-9, and all metacharacters. While a pain in the @$$ to enforce, it makes it MUCH harder for l33t h@xX0rs to "brute force" their way in.
    6: Find a method for end-to-end encryption of all ftp traffic, like sftp with ssh. This encrypts the data using the ssh transport.
    SSH is a great tool to utilize...
    7: EDUCATE YOUR USERS. 5 minutes of knowledge can save days worth of headaches.


    Mainly, ftp is set up to be pretty secure right out of the box for RH 7.1. You'll see a lot of what I mentioned already in place, but if you're patching/etc, check for it.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
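
An audit of steps 1 and 2 from the post above, written as an added example that is not part of the original thread: it lists system accounts missing from the ftpusers deny list and checks the `loginfails` limit in ftpaccess. The UID cutoff of 500, the function names and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are arguments, so the
# checks can be run on copies of /etc/passwd, /etc/ftpusers, /etc/ftpaccess.

# Print system accounts (UID below the cutoff) that ftpusers does not deny.
# The default cutoff of 500 is an assumption (first regular UID on RH 7.x).
missing_from_ftpusers() {   # args: passwd-file ftpusers-file [uid-cutoff]
    awk -F: -v min="${3:-500}" '
        FILENAME == ARGV[1] {            # first file read: the deny list
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") deny[$0] = 1
            next
        }
        NF >= 3 && $1 !~ /^#/ && $3 + 0 < min + 0 && !($1 in deny) { print $1 }
    ' "$2" "$1"
}

# Print the last loginfails value in ftpaccess, or "unset" if absent.
loginfails_value() {        # args: ftpaccess-file
    awk '$1 == "loginfails" { v = $2 }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Report findings; return 0 only if both checks pass (limit of 3, per the post).
audit_ftp() {               # args: passwd-file ftpusers-file ftpaccess-file
    rc=0
    missing=$(missing_from_ftpusers "$1" "$2" | tr '\n' ' ')
    [ -z "$missing" ] || { echo "not in ftpusers: $missing"; rc=1; }
    fails=$(loginfails_value "$3")
    case $fails in
        unset|*[!0-9]*) echo "loginfails: $fails (no usable limit)"; rc=1 ;;
        *) [ "$fails" -le 3 ] || { echo "loginfails: $fails (want <= 3)"; rc=1; } ;;
    esac
    return $rc
}

# Constructed sample files (not real system data) for a dry run.
write_sample() {            # args: directory
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'bin:x:1:1:bin:/bin:/sbin/nologin' \
        'daemon:x:2:2:daemon:/sbin:/sbin/nologin' \
        'alice:x:500:500::/home/alice:/bin/bash' > "$1/passwd"
    printf '%s\n' '# denied FTP login' 'root' 'bin' > "$1/ftpusers"
    printf '%s\n' 'class all real,guest,anonymous *' 'loginfails 5' > "$1/ftpaccess"
}

d=$(mktemp -d) && write_sample "$d"
audit_ftp "$d/passwd" "$d/ftpusers" "$d/ftpaccess" || echo "audit failed"
rm -rf "$d"
```

If anonymous FTP is meant to stay enabled, the `ftp` account itself has to remain out of the deny list, so expect it in the report.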

  6. #6
    Brute force programs of course work off of dictionary files that provide common words to try as passwords, but some brute forcers can be set to try every combination of letters with a certain number of letters. The best way to keep your password safe from brute forcers is to make your password a random series of numbers and letters. A number at the end of a password does no good. Mix your letters and numbers well.
    A buttered piece of bread always lands butter side down;
    A cat always lands on its feet;
    A cat with a buttered piece of bread strapped to its back hovers feet above the ground in a state of quantum indecision

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164

    Oh yeah, one more thing about passwords that might not be known to a lot of people learning:

    General default minimum length is 5
    Maximum "checked" length is 8 (so entering N3cR0m@nT1cG0r3lusT won't work...it'll check N3cR0m@n and that's it).
    General installs provide a base dictionary to check against so it might tell you that 'house4sale' is too easy to crack because it has 1 number and 2 real words found in the dictionary but the password 'sh1gG1tY' would pass (maybe not crack's extensive dictionary assault).

    A good way to check is to get the latest version of crack and run it through. You can add words to your dictionary and recompile it so that it'll include those checks. DISCLAIMER: make sure you have permission if you're not the SA! SAs love to deny access to someone when they see through 'ps -ef' that someone's running crack on their password file (mainly those that don't use shadowed password files).

    And wouldn't you know, I can't find the link to download crack...
    I do NOT suggest doing a look for just 'crack' on the net!

  8. #8
    some hard-core brute forcers check H4x0r t41k letter substitutions.
