Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dealing with ftp attacks



On Mon, Oct 02, 2006 at 03:59:33PM -0400, John Abreau wrote:
> I dealt with it by blocking the ip addresses with 
> 
>     route add -net 211.152.33.0/24 reject
> 
> which interrupted the attack before the server could lock up. 
> And I just got yet another alert, a few minutes ago; these 
> assholes seem determined to break in. 
> 
> One concern I have is that these routes will gradually 
> clog up my routing table. Also, this machine is our external 
> mail server, and we have customers in China, so I can't just 
> block off all of China. 

TCP Wrappers -- vsftpd.conf: tcp_wrappers

limit connectivity per IP: vsftpd.conf: max_per_ip

limit connectivity over-all: vsftpd.conf: max_clients

use limiting features of xinetd or other wrapper

use the firewall's blocking features -- this is hidden behind a
firewall, right?

use an RBL lookup before granting access; maintain your own RBL.

-dsr-

-- 
.-.. -... .... .   --.. .-. ..-. ..-. -. - .-.   ...- ..-.   -... --- ..-. .--. .-. .- .-.     ...- .-   ..-. -... --.. .-.   -.-. -. . --.   -... ...   --. ..- .-.   .--- -... . -.-- --.-   ..-. ..- ...- --.   ..-. -...   ...- ..-.   --. ..- ...- ..-.   -... .- .-. 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org