Dealing with ftp attacks
dsr at tao.merseine.nu
Mon Oct 2 16:14:41 EDT 2006
On Mon, Oct 02, 2006 at 03:59:33PM -0400, John Abreau wrote:
> I dealt with it by blocking the ip addresses with
>
> route add -net 211.152.33.0/24 reject
>
> which interrupted the attack before the server could lock up.
> And I just got yet another alert, a few minutes ago; these
> assholes seem determined to break in.
>
> One concern I have is that these routes will gradually
> clog up my routing table. Also, this machine is our external
> mail server, and we have customers in China, so I can't just
> block off all of China.
TCP Wrappers -- vsftpd.conf: tcp_wrappers
limit connectivity per IP: vsftpd.conf: max_per_ip
limit connectivity overall: vsftpd.conf: max_clients
use limiting features of xinetd or other wrapper
use the firewall's blocking features -- this is hidden behind a firewall, right?
use an RBL lookup before granting access; maintain your own RBL.
-dsr-
--
.-.. -... .... . --.. .-. ..-. ..-. -. - .-. ...- ..-. -... --- ..-. .--. .-. .- .-. ...- .- ..-. -... --.. .-. -.-. -. . --. -... ... --. ..- .-. .--- -... . -.-- --.- ..-. ..- ...- --. ..-. -... ...- ..-. --. ..- ...- ..-. -... .- .-.
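
Added example, not part of the original message: one way to combine the TCP Wrappers and "maintain your own" block list suggestions above is to count failed logins in the vsftpd log and emit hosts.deny lines for the vsftpd daemon. The log lines, threshold and allow-list parameter are constructed for illustration, and the entries only take effect when vsftpd.conf has tcp_wrappers=YES.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in vsftpd's log format (documentation address ranges).
SAMPLE_LOG = """\
Mon Oct  2 15:51:02 2006 [pid 4101] CONNECT: Client "203.0.113.17"
Mon Oct  2 15:51:03 2006 [pid 4100] [root] FAIL LOGIN: Client "203.0.113.17"
Mon Oct  2 15:51:05 2006 [pid 4100] [admin] FAIL LOGIN: Client "203.0.113.17"
Mon Oct  2 15:51:07 2006 [pid 4100] [test] FAIL LOGIN: Client "203.0.113.17"
Mon Oct  2 15:52:10 2006 [pid 4120] [alice] FAIL LOGIN: Client "198.51.100.8"
Mon Oct  2 15:52:31 2006 [pid 4120] [alice] OK LOGIN: Client "198.51.100.8"
Mon Oct  2 15:53:00 2006 [pid 4133] [root] FAIL LOGIN: Client "192.0.2.44"
Mon Oct  2 15:53:02 2006 [pid 4133] [guest] FAIL LOGIN: Client "192.0.2.44"
Mon Oct  2 15:53:04 2006 [pid 4133] [ftp] FAIL LOGIN: Client "192.0.2.44"
"""

# Matches only failed logins; CONNECT and OK LOGIN lines are ignored.
FAIL_RE = re.compile(r'\[pid \d+\] \[[^\]]*\] FAIL LOGIN: Client "([0-9.]+)"')


def failed_logins(log_text):
    """Count FAIL LOGIN events per client address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAIL_RE.search(line)
        if match:
            counts[ip_address(match.group(1))] += 1
    return counts


def deny_entries(counts, threshold=3, allow=()):
    """Build hosts.deny lines for clients at or above the threshold.

    Addresses inside any network listed in `allow` (for example known
    customer ranges) are never emitted, whatever their failure count.
    """
    allowed = [ip_network(net) for net in allow]
    entries = []
    for ip, failures in sorted(counts.items()):
        if failures >= threshold and not any(ip in net for net in allowed):
            entries.append(f"vsftpd: {ip}")
    return entries


if __name__ == "__main__":
    # Review the output before appending it to /etc/hosts.deny.
    print("\n".join(deny_entries(failed_logins(SAMPLE_LOG))))
```

Because each entry names the vsftpd daemon, it restricts FTP only and leaves other services on the same host, such as mail, reachable from those addresses.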