What's the recommended way of dealing with ftp attacks?

We have an ftp server for supporting our customers, running vsftpd, and every once in a while it's come under attack from somewhere in China; the attacker slams the ftp port, showing an authentication failure every 3 seconds, continuously until the server locks up four hours later.

It happened yesterday evening, and I had to waste a few hours driving into work to power-cycle the server. I set up a script to scan the logs hourly and page me if it detected an attack, and about an hour after I got home, at 2 am, I got a report of a second attack. I dealt with it by blocking the ip addresses with

    route add -net 211.152.33.0/24 reject

which interrupted the attack before the server could lock up. And I just got yet another alert, a few minutes ago; these assholes seem determined to break in.

One concern I have is that these routes will gradually clog up my routing table. Also, this machine is our external mail server, and we have customers in China, so I can't just block off all of China.

-- 
John Abreau
IT Manager
Zuken USA
238 Littleton Rd., Suite 100
Westford, MA 01886
T: 978-392-1777
F: 978-692-4725
M: 978-764-8934
E: John.Abreau at zuken.com
W: www.zuken.com
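The hourly log scan described in the message, sketched as an added example that is not part of the original post or the poster's script: it counts failed FTP logins per source /24 in a sliding window and reports the networks that cross a threshold, so an occasional customer typo is not flagged. The log line shape (vsftpd's own log format), the threshold and window values, the function names and the sample addresses (documentation ranges) are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape (vsftpd's own log, not xferlog):
#   Mon Oct  2 02:00:03 2006 [pid 4001] [admin] FAIL LOGIN: Client "203.0.113.7"
FAIL_RE = re.compile(r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
                     r'\[[^\]]*\] FAIL LOGIN: Client "(?P<ip>[^"]+)"')

def find_attacking_networks(lines, threshold=20, window=timedelta(minutes=5), prefix=24):
    """Map each source network to its peak failure count in any window, if >= threshold.
    Lines are expected in chronological order, as they appear in the log."""
    recent = defaultdict(deque)  # network -> failure timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins, transfers, anything unparseable
        try:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        if addr.version == 6 and addr.ipv4_mapped:  # "::ffff:a.b.c.d" on dual-stack listeners
            addr = addr.ipv4_mapped
        bits = prefix if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
        q = recent[net]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[net] = max(peak[net], len(q))
    return {net: n for net, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed sample: a failure every 3 seconds from one /24, then a customer's typos."""
    start = datetime(2006, 10, 2, 2, 0, 0)
    lines = []
    for i in range(40):
        t = (start + timedelta(seconds=3 * i)).strftime("%a %b %d %H:%M:%S %Y")
        lines.append(f'{t} [pid {4001 + i}] [admin] FAIL LOGIN: Client "203.0.113.{7 + i % 2}"')
    lines += ['Mon Oct  2 02:03:10 2006 [pid 4100] [acme] FAIL LOGIN: Client "198.51.100.25"',
              'Mon Oct  2 02:03:21 2006 [pid 4100] [acme] FAIL LOGIN: Client "198.51.100.25"',
              'Mon Oct  2 02:03:30 2006 [pid 4100] [acme] OK LOGIN: Client "198.51.100.25"']
    return lines

if __name__ == "__main__":
    for net, n in find_attacking_networks(sample_log()).items():
        print(f"{net}: {n} failed logins within 5 minutes")
```

Run more often than hourly, a scan like this reports a one-failure-every-3-seconds source within about a minute of the threshold being reached.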