
BLU Discuss list archive


Dealing with ftp attacks

John Abreau wrote:

>What's the recommended way of dealing with ftp attacks? 
>We have an ftp server for supporting our customers, running vsftpd, 
>and every once in a while it's come under attack from somewhere 
>in China; the attacker slams the ftp port, showing an authentication 
>failure every 3 seconds, continuously until the server locks up 
>four hours later. 
>It happened yesterday evening, and I had to waste a few hours 
>driving into work to power-cycle the server. I set up a script 
>to scan the logs hourly and page me if it detected an attack, 
>and about an hour after I got home, at 2 am, I got a report of 
>a second attack. 
>I dealt with it by blocking the ip addresses with 
>    route add -net reject
>which interrupted the attack before the server could lock up. 
>And I just got yet another alert, a few minutes ago; these 
>assholes seem determined to break in. 
>One concern I have is that these routes will gradually 
>clog up my routing table. Also, this machine is our external 
>mail server, and we have customers in China, so I can't just 
>block off all of China. 


I suggest you firewall the range assigned to the attacker's ISP: it's 
unlikely that your customers will be in the same range, but you can just 
close port 21 and ask your customers to use SSH in any case.



E. William Horne
William Warren Consulting
Computer and Network Installation & Service
Voice:	781 784-7287
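
An added example, not part of the original thread: one way to turn the hourly log scan into a short block list, widening each offender to its enclosing range and collapsing the result so the rule set stays small. The log line format, the threshold, the /24 width, the allow-list and the use of iptables are assumptions; the sample lines are constructed and use documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# Assumed vsftpd-style log line; adjust the pattern to what your server writes.
FAIL_RE = re.compile(r'FAIL LOGIN: Client "(?:::ffff:)?(\d{1,3}(?:\.\d{1,3}){3})"')

def failed_logins(lines):
    """Count failed FTP logins per IPv4 client address."""
    counts = Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.IPv4Address(m.group(1))] += 1
        except ValueError:
            pass  # not a valid address, e.g. 999.1.1.1
    return counts

def block_list(counts, threshold=20, prefix=24, allow=()):
    """Networks to block: each offender widened to /prefix, then collapsed.

    An offender whose /prefix overlaps an allow-listed customer network is
    blocked as a single host; allow-listed clients are never blocked.
    """
    allow = [ipaddress.ip_network(a) for a in allow]
    nets = []
    for ip, n in counts.items():
        if n < threshold or any(ip in a for a in allow):
            continue
        wide = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        if any(wide.overlaps(a) for a in allow):
            wide = ipaddress.ip_network(f"{ip}/32")
        nets.append(wide)
    return list(ipaddress.collapse_addresses(nets))

def iptables_rules(nets):
    """Drop rules for the FTP control port only, so other services stay reachable."""
    return [f"iptables -A INPUT -p tcp --dport 21 -s {n} -j DROP" for n in nets]

def sample_log():
    """Constructed log lines using documentation address ranges."""
    fmt = 'Mon Jan  1 02:{:02d}:00 2007 [pid {}] [admin] FAIL LOGIN: Client "{}"'
    hits = [("203.0.113.10", 25), ("::ffff:203.0.113.77", 25),
            ("198.51.100.7", 3), ("192.0.2.200", 30)]
    return [fmt.format(i, 4000 + i, ip) for ip, n in hits for i in range(n)]

if __name__ == "__main__":
    counts = failed_logins(sample_log())
    print("\n".join(iptables_rules(block_list(counts, allow=["192.0.2.0/25"]))))
```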


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
