BLU Discuss list archive

Dealing with ftp attacks

What's the recommended way of dealing with ftp attacks? 

We have an ftp server for supporting our customers, running vsftpd, 
and every once in a while it's come under attack from somewhere 
in China; the attacker slams the ftp port, showing an authentication 
failure every 3 seconds, continuously until the server locks up 
four hours later. 

It happened yesterday evening, and I had to waste a few hours 
driving into work to power-cycle the server. I set up a script 
to scan the logs hourly and page me if it detected an attack, 
and about an hour after I got home, at 2 am, I got a report of 
a second attack. 

I dealt with it by blocking the IP addresses with 

    route add -net reject

which interrupted the attack before the server could lock up. 
And I just got yet another alert, a few minutes ago; these 
assholes seem determined to break in. 

One concern I have is that these routes will gradually 
clog up my routing table. Also, this machine is our external 
mail server, and we have customers in China, so I can't just 
block off all of China. 

John Abreau
IT Manager
Zuken USA
238 Littleton Rd., Suite 100
Westford, MA 01886
T: 978-392-1777            F: 978-692-4725
M: 978-764-8934
E: John.Abreau at  W:
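
The log scan mentioned in the message, sketched as an added example (not part of the original post and not the poster's script): it flags any source address with repeated failed logins inside a short sliding window, so that one customer mistyping a password is not reported. The vsftpd log line shape, the threshold of 5 and the 60-second window are assumptions; the sample lines are constructed and use documentation address ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape of vsftpd's own log (not xferlog format), e.g.
#   Tue Mar 12 02:00:03 2013 [pid 4100] [admin] FAIL LOGIN: Client "203.0.113.7"
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[[^\]]*\] FAIL LOGIN: Client "(?P<ip>[^"]+)"')

def find_attackers(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: time the threshold was first crossed} for every source
    with at least `threshold` failed logins inside one sliding `window`."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that have aged out
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample: one source failing every 3 seconds, plus a customer
# who fails twice, minutes apart, and then logs in successfully.
SAMPLE = [
    f'Tue Mar 12 02:00:{s:02d} 2013 [pid 4100] [admin] FAIL LOGIN: Client "203.0.113.7"'
    for s in range(0, 18, 3)
] + [
    'Tue Mar 12 02:00:05 2013 [pid 4101] [cust1] FAIL LOGIN: Client "198.51.100.20"',
    'Tue Mar 12 02:05:40 2013 [pid 4102] [cust1] FAIL LOGIN: Client "198.51.100.20"',
    'Tue Mar 12 02:05:52 2013 [pid 4102] [cust1] OK LOGIN: Client "198.51.100.20"',
]

if __name__ == "__main__":
    for ip, when in find_attackers(SAMPLE).items():
        print(f"{when:%Y-%m-%d %H:%M:%S} {ip} exceeded the failed-login threshold")
```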


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
