ftp brute force attacks

ftp brute force attacks

am 03.04.2006 15:16:01 von Hans-Peter Sauer

I have been getting a bunch of brute force attempted logins to account
Administrator on my ftp server (IIS 6). I have got the appropriate changes
to my server to make the attacks no more than troublesome. I do have a
couple of questions though.

Are there any changes one can make to prevent continuous failed login
attempts on ftp? I find it difficult to believe that one cannot stop such
activity, even on an account that does not exist. Maybe a portsentry type
of program for windows? Any advice?

I normally just add the range of ip addresses from the offending isp to my
ftp and web server directory security deny list. However, sometimes the
offending ip requires several ranges to block them completely, such as
those from Korea. I have been using a Linux program called cidr_range.pl
which will take the ip range and convert it into the network ips needed to
cover the entire range.

cidr_range first_ip second_ip gives nnn.0.0.0/nn type of information.

Does such a program exist for windows?

Thanks.

Re: ftp brute force attacks

am 04.04.2006 04:39:43 von Bernard

I have not seen one yet. typically in the past, I did it at firewall level -
checkpoint.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"MikeV06" wrote in message
news:1a7jsqpklicaq.dlg@mycomputer06.invalid.com...
>I have been getting a bunch of brute force attempted logins to account
> Administrator on my ftp server (IIS 6). I have got the appropriate changes
> to my server to make the attacks no more than troublesome. I do have a
> couple of questions though.
>
> Are there any changes one can make to prevent continuous failed login
> attempts on ftp? I find it difficult to believe that one cannot stop such
> activity, even on an account that does not exist. Maybe a portsentry type
> of program for windows? Any advice?
>
> I normally just add the range of ip addresses from the offending isp to my
> ftp and web server directory security deny list. However, sometimes the
> offending ip requires several ranges to block them completely, such as
> those from Korea. I have been using a Linux program called cidr_range.pl
> which will take the ip range and convert it into the network ips needed to
> cover the entire range.
>
> cidr_range first_ip second_ip gives nnn.0.0.0/nn type of information.
>
> Does such a program exist for windows?
>
> Thanks.