Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: ftp hacker

ftp hacker 11 years 6 months ago #18954

  • Brandonh
  • Brandonh's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 81
  • Thank you received: 0
I have this guy who is trying to hack into my ftp server i see several Microsoft ftp services failed authentication attempts by administrator and i know its not me lol. Does anyone know of any network monitoring softare available that can record those connection attempts and provide me an IP address ?

Please Log in to join the conversation.

Re: ftp hacker 11 years 6 months ago #18956

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
Most FTP servers usually have a built-in logging option. Check the documentation for your particular server or post its name here. If you're definitely sure that your FTP server does not have a logging option, you could rely on your firewall logs (i.e. if you have one)

Please Log in to join the conversation.

Re: ftp hacker 11 years 6 months ago #18957

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 1577
  • Karma: 3
  • Thank you received: 7
Check out Snort here:

www.snort.org/

Please Log in to join the conversation.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: ftp hacker 11 years 6 months ago #18958

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 1390
  • Karma: 1
  • Thank you received: 0
Pretty sure the MS FTP logs all connections to a log file within the c:\windows\system32\logfiles. Within here you should see logging for the FTP Service (may need to turn on additional logging options to get useful stuff from it though).

Once you have identified the IP Address info, you can then block it on the FTP server aswell as your external firewall.

Cheers

Please Log in to join the conversation.

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

yeah i had to set the ip option 11 years 6 months ago #18965

  • Brandonh
  • Brandonh's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 81
  • Thank you received: 0
yeah i had to set the ip option in order to get the ip addresses

Please Log in to join the conversation.

Re: ftp hacker 11 years 6 months ago #18978

  • sose
  • sose's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 814
  • Karma: 3
  • Thank you received: 4
I quite agree with Smurf about the log files .Also you can couple that by enabling auditing in the security analysis and configuration tool in mmc.

Also, you can use the "netstat -n" to check ip addresses running at your background .If are conversant with port numbers, you can figure out strange port numbers and block them.

Please Log in to join the conversation.

Time to create page: 0.168 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup