Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: ftp hacker

ftp hacker 9 years 11 months ago #18954

  • Brandonh
  • Brandonh's Avatar
  • Offline
  • Distinguished Member
  • Posts: 81
  • Karma: 0
I have this guy who is trying to hack into my ftp server i see several Microsoft ftp services failed authentication attempts by administrator and i know its not me lol. Does anyone know of any network monitoring softare available that can record those connection attempts and provide me an IP address ?
The administrator has disabled public write access.

Re: ftp hacker 9 years 11 months ago #18956

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
Most FTP servers usually have a built-in logging option. Check the documentation for your particular server or post its name here. If you're definitely sure that your FTP server does not have a logging option, you could rely on your firewall logs (i.e. if you have one)
The administrator has disabled public write access.

Re: ftp hacker 9 years 11 months ago #18957

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Check out Snort here:

www.snort.org/
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: ftp hacker 9 years 11 months ago #18958

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Pretty sure the MS FTP logs all connections to a log file within the c:\windows\system32\logfiles. Within here you should see logging for the FTP Service (may need to turn on additional logging options to get useful stuff from it though).

Once you have identified the IP Address info, you can then block it on the FTP server aswell as your external firewall.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

yeah i had to set the ip option 9 years 11 months ago #18965

  • Brandonh
  • Brandonh's Avatar
  • Offline
  • Distinguished Member
  • Posts: 81
  • Karma: 0
yeah i had to set the ip option in order to get the ip addresses
The administrator has disabled public write access.

Re: ftp hacker 9 years 11 months ago #18978

  • sose
  • sose's Avatar
  • Offline
  • Honored Member
  • Posts: 813
  • Thank you received: 4
  • Karma: 3
I quite agree with Smurf about the log files .Also you can couple that by enabling auditing in the security analysis and configuration tool in mmc.

Also, you can use the "netstat -n" to check ip addresses running at your background .If are conversant with port numbers, you can figure out strange port numbers and block them.
sose
Network Engineer
analysethis.co/index.php/forum/index
The administrator has disabled public write access.
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup