
FTP Attack

Posted by boaz on July 20, 2006, 8:27 pm
Hi,

Recently, there is a bot that is trying to connect to my FTP non-stop with a
predefined list of user names and passwords.
The names start from "A" to "Z".

The bot comes every day...

Would you guys give me an idea what to do to stop it, please?

Thanks!



--
> There is no answer.
> There has not been an answer.
> There will not be an answer.
> That IS the answer!
> And I am screwed.
> Deadline was due yesterday.
>
> There is no point to life.
> THAT IS THE POINT.
> And we are screwed.
> We will run out of oil soon.

http://spaces.msn.com/bzDaCat



Posted by Roger Abell [MVP] on July 20, 2006, 10:05 pm
options
- shut off ftp server
- use a firewall and disallow the origin pest
- use IPsec to control allowed origins to ftp




Posted by karl levinson, mvp on July 21, 2006, 9:16 am


> Recently, there is a bot that is trying to connect to my FTP non-stop with
> a predefined list of user names and passwords.
> The names start from "A" to "Z".
>
> Would you guys give me an idea what to do to stop it, please?

Well, if your FTP server is for public use from a large number of unknown IP
addresses, you're going to get this stuff, no permanent way around it.

Here's information that should help you set up IPSec rules to control who
can and cannot access your server:

http://securityadmin.info/faq.asp?ipsec

But better than IPSec for your situation is to use a firewall [because of
improved logging, GUI, traffic inspection and other functionality]. There
is free firewall software out there, such as www.zonealarm.com

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info
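
The replies above suggest blocking the offending origin at a firewall or with IPsec, which first requires knowing which source addresses are guessing logins. The following is an added example, not part of any post in this thread: it scans an FTP log for sources that fail logins across many different user names. The log layout (`time c-ip cs-method cs-uri-stem sc-status`, as in IIS W3C extended logging), the sample lines and the thresholds are assumptions; the column order is read from the `#Fields:` line of your own log.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed IIS FTP W3C extended layout, not real traffic).
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
20:27:01 203.0.113.7 [1]USER aaron 331
20:27:02 203.0.113.7 [1]PASS - 530
20:27:03 203.0.113.7 [2]USER abby 331
20:27:04 203.0.113.7 [2]PASS - 530
20:27:05 203.0.113.7 [3]USER adam 331
20:27:06 203.0.113.7 [3]PASS - 530
20:30:10 198.51.100.20 [4]USER boaz 331
20:30:11 198.51.100.20 [4]PASS - 530
20:30:20 198.51.100.20 [5]USER boaz 331
20:30:21 198.51.100.20 [5]PASS - 230
"""

def find_guessers(log_text, min_failures=3, min_users=3):
    """Return {ip: (failed_logins, distinct_user_names)} for sources that
    look like dictionary guessing rather than one user mistyping."""
    fields = []
    pending_user = {}             # (ip, session id) -> user name from USER
    failures = defaultdict(int)   # ip -> count of PASS answered with 530
    users = defaultdict(set)      # ip -> user names that failed
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order comes from the log
            continue
        parts = line.split()
        if not fields or line.startswith("#") or len(parts) != len(fields):
            continue
        row = dict(zip(fields, parts))
        m = re.match(r"\[(\d+)\](\w+)$", row.get("cs-method", ""))
        if not m:
            continue
        ip, session, verb = row.get("c-ip", "-"), m.group(1), m.group(2).upper()
        if verb == "USER":
            pending_user[(ip, session)] = row.get("cs-uri-stem", "-").lower()
        elif verb == "PASS" and row.get("sc-status") == "530":  # 530 = not logged in
            failures[ip] += 1
            users[ip].add(pending_user.get((ip, session), "?"))
    return {ip: (failures[ip], len(users[ip])) for ip in failures
            if failures[ip] >= min_failures and len(users[ip]) >= min_users}

if __name__ == "__main__":
    for ip, (fails, names) in sorted(find_guessers(SAMPLE_LOG).items()):
        print(f"{ip}: {fails} failed logins over {names} user names")
```

Requiring several distinct user names keeps a legitimate user who mistypes a password once (the second address in the sample) out of the result; the addresses returned are the candidates for the firewall or IPsec deny rule.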



Posted by bagins on July 21, 2006, 12:12 pm
Are you running the FTP service on a server OS, or on a workstation OS?
Zone Alarm is OK, but I think that the free version is for workstations only.
Also, you will have to know all the IP addresses that the bot might ever use, which
is almost impossible due to the nature of the IRC architecture (we are
talking about an IRC bot, right?).
IPSec is a better solution if you don't run a public FTP. It can deny SYN TCP
packets for every unauthenticated and/or non-IPSec connection attempt.


--

************************
Best regards
Bagins
************************





Posted by boaz on July 21, 2006, 12:38 pm
Thanks for the tips. I will try to look into how IPSec can help.
I am thinking simple, instead of going nuts with this thing.
How about just changing the FTP port to something other than 21?

This should stop that zombie. And if that zombie tries to start a port
scan, the firewall should stop it... right?

or... even simpler... should I just call my ISP and get angry or something?






