I have been researching FTP and noted that using FTP means you are vulnerable to these types of attacks. I have been looking for a safer alternative and came across SFTP. Is SFTP still vulnerable to these types of attacks?
3 Answers
Most services are available to brute forcing, and most have mechanisms to defend against it. You can likely use SSHGuard to prevent brute forcing, as it is written to detect multiple failed anomalous logins, and blocks (via IPTables) the connection. Or you could write your own script with checks and balances:

```
# pseudocode
if tail -n 1000 /var/log/messages | grep fail | grep sftp
then
    cut field of IP and create iptables rule && run rule
fi
```

The better (optimal) option would be creating a rule to allow instances you trust, and blocking all others.
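The log-scanning script sketched in the answer above, as an added example that is not part of the original answers. It assumes OpenSSH's `Failed password ... from IP port N ssh2` log lines (SFTP logins are authenticated by sshd), IPv4 sources, and hypothetical `THRESHOLD` and `TRUSTED` settings, and it prints the iptables rules for review instead of running them.

```shell
#!/bin/sh
# Added example: turn repeated failed SSH/SFTP logins into iptables DROP rules.
# Rules are printed for review, never executed here.

THRESHOLD=3                 # assumption: failures from one IP before blocking
TRUSTED="198.51.100.7"      # assumption: space-separated IPs never to block

# Constructed sample in OpenSSH's sshd log format (documentation address ranges).
sample_log() {
cat <<'EOF'
Apr 17 13:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Apr 17 13:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Apr 17 13:00:05 host sshd[1003]: Failed password for invalid user from 192.0.2.99 from 203.0.113.5 port 40003 ssh2
Apr 17 13:00:07 host sshd[1004]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Apr 17 13:00:08 host sshd[1004]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Apr 17 13:00:09 host sshd[1004]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Apr 17 13:00:12 host sshd[1006]: Accepted password for bob from 192.0.2.20 port 40300 ssh2
Apr 17 13:00:13 host sshd[1007]: Failed password for bob from 192.0.2.30 port 40400 ssh2
EOF
}

# offenders: read log lines on stdin, print each IPv4 source at or over THRESHOLD.
offenders() {
    awk -v min="$THRESHOLD" -v trusted="$TRUSTED" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) allow[t[i]] = 1 }
        # The login name is client-supplied text, so match the fixed tail
        # "from IP port N ssh2" and read the IP relative to the end of the line.
        /sshd\[[0-9]+\]: Failed password for .* from [0-9.]+ port [0-9]+ ssh2$/ {
            count[$(NF - 3)]++
        }
        END { for (ip in count) if (count[ip] >= min && !(ip in allow)) print ip }
    ' | sort
}

# block_rules: print one DROP rule per offender for the SSH/SFTP port.
block_rules() {
    offenders | while read -r ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 22 -j DROP"
    done
}

# Demo on the constructed sample; on a real host, feed the sshd log instead.
sample_log | block_rules
```

The trusted address is skipped even though it has three failures, which keeps a mistyped password from locking out an administrator.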
SFTP is FTP over SSH. So take the usual SSH security measures, install `denyhosts` or `fail2ban` to lock out everyone that tries to bruteforce. Since the data is going through the secure SSH tunnel, well, yes, they can sniff it, but it would be worthless as everything is encrypted using a modern cipher. For SFTP, the attacker would only know the IP addresses of the two endpoints, but nothing else.
It's file transfer over SSH, but it's not actually "FTP" -- it doesn't have separate data connections and the problems that come from FTP's usage of `PORT`/`PASV`, for example. – user1686 Apr 17 '16 at 13:01
As already explained in the other answer, about brute-force, YES, it is vulnerable to brute-force like every public-facing service.
To answer also the other part of the question about spoofing, sniffing and port stealing: NO, it is not, because SFTP is using SSH and it is solving these problems (for more info, discuss the specification or RFCs). Unless you don't check the fingerprints for the first connection. Then you are screwed anyway.