发信人: hackerbay(阿土)
整理人: hackerbay(2002-09-06 16:48:52), 站内信件
|
解决proftpd在client连接的时候需要等5秒才开始验证用户的方法
有两个原因引起这个现象:
1。proftpd试图通过DNS反解得到对方IP对应的域名;
2。proftpd试图通过连接对方机器的113端口得到对方信息,这个影响最大。
这两个操作如果不成功就会等待到超时才开始验证用户。
解决方法分两方面:
1、取消DNS反解
#/usr/local/etc/proftpd.conf
ServerName "ftp.spamming-death.com FTP server"
ServerType standalone
DefaultServer on
ServerIdent off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# This is a non-customer usable name, (ie they should be connecting via www.{domain})
# not 'hostname'. Therefore let's dump them in a dummy account and wait for them to
# scream.
#
DefaultRoot /ftp/
#
# Performance, let's do DNS resolution when we process the logs...
#
#取消DNS反解
UseReverseDNS off
#
2、阻止proftpd向外发送113请求:
首先必须在proftpd的网络出口(本机或网关)配置防火墙(本例使用ipfilter);
然后设置如下规则在/etc/ipf.rules的最后
# TUTU add for disable 113 port
block out on lnc0 proto tcp/udp from any to any port = 113 keep state
#lnc0为本机外出网络口。
即可圆满解决该问题。
|
|