Skip to main content

ftp hacker

More
17 years 11 months ago #18982 by Smurf
Replied by Smurf on topic Re: ftp hacker

Also, you can use the "netstat -n" to check ip addresses running at your background .If are conversant with port numbers, you can figure out strange port numbers and block them.


Hi sose,

I'm not too sure if that would realistically work. The issue was with someone trying to authenticate on the FTP Server. If this is all happening against the FTP Service (FTP Deamon) then all the connections will be coming from source port > 1024 to detstination port 20/21.

The only way to stop this is to block the users source ip address to stop them trying to brute force a login to the ftp server.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
17 years 11 months ago #18999 by Brandonh
Replied by Brandonh on topic yeah
yeah I already Configured auditing on the FTP directories so I know when there is a login failure.
More
17 years 11 months ago #19000 by Brandonh
Replied by Brandonh on topic I Have there IP addys now
I have their IP address's I have blocked them out I have noticed attacks by different people throughout the globe. I have traced Ip addresses from China to California. If I continue to see alot of attempts i will just block everyone but the people i want. Therefore only the IP address's i specify will work. I also did not just block that single IP i found out the company that leased that Address block and blocked the whole network.
More
17 years 11 months ago #19001 by DaLight
Replied by DaLight on topic Re: ftp hacker
Are you blocking at the FTP server or your external firewall? If you're getting so many attempts, it may be more efficient to stop them before they get into your network in the first place.
More
17 years 11 months ago #19003 by wannafly172
Replied by wannafly172 on topic Re: ftp hacker
Blocking at the server is ok for a few attacks... for the amount i am understanding this to be i would be beefing up the FW. much easier!

"Buddha says, "Know your forms of linux: Mandrake, SUSE, Linspire, Xandros, Lycoris, MEPIS, Fedora Core, and Ubuntu""

It is my job to corrupt young people with the contageous, infectious idea of individual freedom
More
17 years 11 months ago #19048 by fatrix
Replied by fatrix on topic Re: ftp hacker
best way to hack the ftp...find on which port is that ftp running

u can find port by using port scanner

thne block that port of that particular ip
Time to create page: 0.132 seconds