- Posts: 1390
- Thank you received: 0
ftp hacker
17 years 11 months ago #18982
by Smurf
Hi sose,
I'm not too sure if that would realistically work. The issue was with someone trying to authenticate on the FTP Server. If this is all happening against the FTP Service (FTP Deamon) then all the connections will be coming from source port > 1024 to detstination port 20/21.
The only way to stop this is to block the users source ip address to stop them trying to brute force a login to the ftp server.
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: ftp hacker
Also, you can use the "netstat -n" to check ip addresses running at your background .If are conversant with port numbers, you can figure out strange port numbers and block them.
Hi sose,
I'm not too sure if that would realistically work. The issue was with someone trying to authenticate on the FTP Server. If this is all happening against the FTP Service (FTP Deamon) then all the connections will be coming from source port > 1024 to detstination port 20/21.
The only way to stop this is to block the users source ip address to stop them trying to brute force a login to the ftp server.
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 11 months ago #19000
by Brandonh
Replied by Brandonh on topic I Have there IP addys now
I have their IP address's I have blocked them out I have noticed attacks by different people throughout the globe. I have traced Ip addresses from China to California. If I continue to see alot of attempts i will just block everyone but the people i want. Therefore only the IP address's i specify will work. I also did not just block that single IP i found out the company that leased that Address block and blocked the whole network.
17 years 11 months ago #19001
by DaLight
Replied by DaLight on topic Re: ftp hacker
Are you blocking at the FTP server or your external firewall? If you're getting so many attempts, it may be more efficient to stop them before they get into your network in the first place.
- wannafly172
- Offline
- Junior Member
Less
More
- Posts: 45
- Thank you received: 0
17 years 11 months ago #19003
by wannafly172
"Buddha says, "Know your forms of linux: Mandrake, SUSE, Linspire, Xandros, Lycoris, MEPIS, Fedora Core, and Ubuntu""
It is my job to corrupt young people with the contageous, infectious idea of individual freedom
Replied by wannafly172 on topic Re: ftp hacker
Blocking at the server is ok for a few attacks... for the amount i am understanding this to be i would be beefing up the FW. much easier!
"Buddha says, "Know your forms of linux: Mandrake, SUSE, Linspire, Xandros, Lycoris, MEPIS, Fedora Core, and Ubuntu""
It is my job to corrupt young people with the contageous, infectious idea of individual freedom
Time to create page: 0.132 seconds