Just a thought, if you can detect an attack, script a block of that IP only, and unlock it after an hour or two, again with a script. If you have known customers (internal users?) you could make an authorized table and block everyone else from China. Just a thought. I don't know the FTP daemon, but the concept seems good.

Quoting John Abreau <john.abreau at zuken.com>:

> What's the recommended way of dealing with ftp attacks?
>
> We have an ftp server for supporting our customers, running vsftpd,
> and every once in a while it's come under attack from somewhere
> in China; the attacker slams the ftp port, showing an authentication
> failure every 3 seconds, continuously until the server locks up
> four hours later.
>
> It happened yesterday evening, and I had to waste a few hours
> driving into work to power-cycle the server. I set up a script
> to scan the logs hourly and page me if it detected an attack,
> and about an hour after I got home, at 2 am, I got a report of
> a second attack.
>
> I dealt with it by blocking the ip addresses with
>
>     route add -net 211.152.33.0/24 reject
>
> which interrupted the attack before the server could lock up.
> And I just got yet another alert, a few minutes ago; these
> assholes seem determined to break in.
>
> One concern I have is that these routes will gradually
> clog up my routing table. Also, this machine is our external
> mail server, and we have customers in China, so I can't just
> block off all of China.
>
> --
> John Abreau
> IT Manager
> Zuken USA
> 238 Littleton Rd., Suite 100
> Westford, MA 01886
> T: 978-392-1777 F: 978-692-4725
> M: 978-764-8934
> E: John.Abreau at zuken.com W: www.zuken.com

--
Fax 1-630-214-5954 - Voicemail/S 775-898-8064
http://www.drbackup.net?pid=coats by Dr.Backup safeguards your valuable documents with an automatic nightly backup over the Internet. FREE trial

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755

"Any sufficiently advanced technology is indistinguishable from magic."
-- Arthur C. Clarke (1917 - ), "Profiles of The Future", 1961 (Clarke's third law)
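The approach suggested in this message (block only the offending IP, lift the block after an hour or two, and never block known customers) can be sketched as follows. This is an added example, not part of the original post: the vsftpd log line shape, the thresholds, the allowlisted address and the sample lines are assumptions, and the script only prints the firewall commands instead of running them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed vsftpd.log line shape; adjust the pattern to match your own log.
FAIL_RE = re.compile(r'^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
                     r'\[[^\]]*\] FAIL LOGIN: Client "([0-9.]+)"')
THRESHOLD = 5                    # this many failures ...
WINDOW = timedelta(seconds=60)   # ... inside this span trigger a block
BLOCK_FOR = timedelta(hours=2)   # the block is lifted after this long
ALLOWLIST = {"203.0.113.10"}     # constructed: a known customer address

def plan_blocks(lines, allowlist=ALLOWLIST):
    """Return {ip: (blocked_at, unblock_at)} for sources over the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    blocks = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m.group(2) in allowlist:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        ip = m.group(2)
        if ip in blocks and ts < blocks[ip][1]:
            continue             # already blocked at this point in the log
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()          # drop failures that fell out of the window
        if len(q) >= THRESHOLD:
            blocks[ip] = (ts, ts + BLOCK_FOR)
            q.clear()
    return blocks

def expired(blocks, now):
    """IPs whose block has run out and should be removed again."""
    return sorted(ip for ip, (_, until) in blocks.items() if now >= until)

def rule(ip, action):
    # "-I" inserts the rule, "-D" deletes the identical rule on expiry.
    return f"iptables {action} INPUT -s {ip} -p tcp --dport 21 -j DROP"

# Constructed sample: one failure every 3 seconds, an allowlisted customer
# mistyping a password six times, and a single stray failure.
SAMPLE = [f'Mon Jan 15 02:00:{s:02d} 2007 [pid 4242] [admin] FAIL LOGIN: '
          f'Client "211.152.33.7"' for s in range(0, 30, 3)]
SAMPLE += [f'Mon Jan 15 02:01:{s:02d} 2007 [pid 4243] [acme] FAIL LOGIN: '
           f'Client "203.0.113.10"' for s in range(6)]
SAMPLE.append('Mon Jan 15 02:02:00 2007 [pid 4244] [bob] FAIL LOGIN: Client "198.51.100.4"')

if __name__ == "__main__":
    for ip, (at, until) in plan_blocks(SAMPLE).items():
        print(rule(ip, "-I"), "# remove with -D at", until)
```

Because each block carries its own expiry, the rule set stays bounded instead of growing with every attack.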