Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Massive failed FTP attempts.

from [James Finnican] Network Security [Permanent Link]
Subject: RE: Massive failed FTP attempts.
Date: Tue, 4 Sep 2007 14:47:22 -0700 
I use Filezilla FTP Server. Filezilla has an option that allows you to block an 
IP for a certain period of time after a certain number of unsuccessful login 
attempts. Currently, I ban an IP for 24hrs after 10 attempts.

You are going to have to check your FTP server software for any options that 
might allow you to set rules allowing this function.

James

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On 
Behalf Of Michael Nielson
Sent: Friday, August 31, 2007 8:33 PM
To: security-basics@securityfocus.com
Subject: Massive failed FTP attempts.

I run several small LAMP virtual servers, I've noticed a large amount of
failed FTP login attempts, these all attempt to login with common FTP
usernames like Administrator, or webmaster (the FTP server is proFTPd
version 1.2.10).  The attacker will try from one IP address maybe 30 or
40 times and then moving to a new IP address.  I have several questions,
first what are they trying to do? Crack my password? Or exploit a bug
with proftpd?  I've been more diligent about choosing a difficult to
break password.  More important what can I do to limit the number of
attempts on my server?
Thanks tons!
Michael
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Question about Active Directory and last time user has logged on, James Fryman
Next by Date:  traffic creation, OÄuz YarÄmtepe
Previous by Thread:  RE: Massive failed FTP attempts., Dan Denton
Next by Thread:  RE: Massive failed FTP attempts., Mark Sutton
Indexes:  [Date] [Thread] [Top] [All Lists]