From: erik quanstrom <quanstro@coraid.com>
To: 9fans@9fans.net
Subject: Re: [9fans] standalone authserver on CF card
Date: Mon, 14 Apr 2008 12:13:22 -0400 [thread overview]
Message-ID: <242353c55a20c843fc4187646ca07360@coraid.com> (raw)
In-Reply-To: <6c5ae98825f18645410a8cf7ab4cf8a7@csplan9.rit.edu>
this really helps us. i know that steve has a list of bad
ftp users to reject out-of-hand, but this exponential backoff
keeps the bad guys from bothering our auth server enough to
notice. we still get quite a few connections, though
- erik
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:519,524 - ftpd.c:519,528
int
usercmd(char *name)
{
+ static int usercmds = 1000;
+
+ if(usercmds <<= 1 > 2000)
+ sleep(usercmds);
logit("user %s %s", name, nci->rsys);
if(loggedin)
return reply("530 Already logged in as %s", user);
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:537,542 - ftpd.c:541,548
strcpy(user, "none");
else if(anon_everybody)
strcpy(user,"none");
+ if(strcmp(user, "Administrator") == 0)
+ return reply("530 no way jose");
if(strcmp(user, "*none") == 0){
if(!anon_ok)
return reply("530 Not logged in: anonymous disallowed");
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:593,600 - ftpd.c:599,606
ch->nresp = strlen(response);
ai = auth_response(ch);
if(ai == nil) {
- static long delay = 100;
-
+ static long delay = 1000;
+ hoser:
sleep(delay); /* deter password-guessers */
if (delay < 60*1000)
delay *= 2;
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:601,607 - ftpd.c:607,613
return reply("530 Not logged in: %r");
}
if(auth_chuid(ai, nil) < 0)
- return reply("530 Not logged in: %r");
+ goto hoser;
auth_freechal(ch);
ch = nil;
next prev parent reply other threads:[~2008-04-14 16:13 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-14 15:22 Matthias Teege
2008-04-14 15:51 ` erik quanstrom
2008-04-14 16:01 ` john
2008-04-14 16:13 ` erik quanstrom [this message]
2008-04-14 16:06 ` Matthias Teege
2008-04-14 16:19 ` erik quanstrom
2008-04-14 16:40 ` John Stalker
2008-04-15 7:26 ` Matthias Teege
2008-04-15 11:31 ` kokamoto
2008-04-15 12:32 ` Matthias Teege
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=242353c55a20c843fc4187646ca07360@coraid.com \
--to=quanstro@coraid.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).