Penetration Testing mailing list archives
RE: Mitigate FTP
From: Craig Wilson <cwilson () ppilearning com>
Date: Tue, 14 Oct 2008 18:39:21 +0100
Hi Sarah,

If they are in Mexico, US or Canada and you are not in any of those then the chances of them sniffing the wire are so remote as not to be worth considering.

If they are trying to brute-force the password then your client's best bet is to enforce a strong password policy - set the passwords to lock after a given number of false attempts and install an IDS to either alert or confine the traffic.

If they are always coming from the same network blocks then you could block them at the Firewall.

If it's just password attempts, then I'd not worry too much. It's worth ensuring that the server itself is fully patched and that the IIS services are set up in such a way as to negate the possibility of anything being run on the server itself should they crack a password.

Let me know if I can be of more assistance.

Craig

Craig Wilson
Senior IT Network Administrator & Support Analyst
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sarah Wahl
Sent: 14 October 2008 02:47
To: pen-test () securityfocus com
Subject: Mitigate FTP

Hi All,

I am working with a company who is using FTP and cannot switch to a better protocol. They have been seeing attacks which are most likely coming from one person. The attacker is using four different IPs (ARIN shows them to be coming from Mexico, Canada and the US) with the same brute force attack. They are trying to guess user names using a tool (don't know why they aren't just trying to sniff traffic).

I have suggested putting in a honey pot to try and catch the attacker and they have locked down the service as best as possible given the fact they are still having to use FTP. It is being run on IIS 6.0. The attacker can't get through the firewall, so no damage so far.

Do you have any other suggestions for trying to catch the attacker and any other mitigations? Any ideas would be greatly appreciated.

Thank you very much,
Sarah
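Added example, not part of the original thread: one way to check from the FTP service log whether the failed logins cluster in the same network blocks, which is the condition given above for blocking at the firewall. The log lines are constructed, and the W3C-style field order, the /24 grouping and the threshold of 3 are assumptions to adjust to the server's actual logging settings.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log; the field order is an assumption declared in #Fields.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
02:40:01 198.51.100.7 [1]USER admin 331 0
02:40:02 198.51.100.7 [1]PASS - 530 1326
02:40:05 198.51.100.7 [2]USER administrator 331 0
02:40:06 198.51.100.7 [2]PASS - 530 1326
02:41:10 198.51.100.23 [3]USER ftpuser 331 0
02:41:11 198.51.100.23 [3]PASS - 530 1326
02:41:15 198.51.100.23 [4]USER test 331 0
02:41:16 198.51.100.23 [4]PASS - 530 1326
09:15:00 203.0.113.5 [5]USER clientuser 331 0
09:15:02 203.0.113.5 [5]PASS - 530 1326
09:15:20 203.0.113.5 [6]USER clientuser 331 0
09:15:22 203.0.113.5 [6]PASS - 230 0
"""

def failed_logins(log_text):
    """Yield (client_ip, username) for each PASS answered with FTP reply 530."""
    fields, last_user = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        # cs-method looks like "[session]VERB"; split off the session id.
        session, _, verb = rec["cs-method"].rpartition("]")
        key = (rec["c-ip"], session)
        if verb == "USER":
            last_user[key] = rec["cs-uri-stem"]  # remember name for the PASS row
        elif verb == "PASS" and rec["sc-status"] == "530":
            yield rec["c-ip"], last_user.get(key, "?")

def summarize(log_text, threshold=3, prefix=24):
    """Return {network: (failures, usernames tried)} at or above threshold."""
    stats = defaultdict(lambda: [0, set()])
    for ip, user in failed_logins(log_text):
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        stats[net][0] += 1
        stats[net][1].add(user)
    return {n: (c, sorted(u)) for n, (c, u) in stats.items() if c >= threshold}
```

The single mistyped password from 203.0.113.5 stays below the threshold, while the two hosts in 198.51.100.0/24 that cycle through usernames are reported together as one block.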
Current thread:
- Mitigate FTP Sarah Wahl (Oct 14)
- Re: Mitigate FTP exzactly (Oct 14)
- RE: Mitigate FTP Craig Wilson (Oct 14)
- Re: Mitigate FTP David Glosser (Oct 14)
- Re: Mitigate FTP Taufiq Ali (Oct 15)
- Re: Mitigate FTP Matt - MRS Security (Oct 15)
- Re: Mitigate FTP Taufiq Ali (Oct 15)
- RE: Mitigate FTP Pete.LeMay (Oct 14)
- Re: Mitigate FTP Shreyas Zare (Oct 14)
- Re: Mitigate FTP ॐ aditya mukadam ॐ (Oct 15)
- Re: Mitigate FTP Sarah Wahl (Oct 16)
- RE: Mitigate FTP Thakrar, Saurabh (Oct 16)
- RE: Mitigate FTP Gary E. Miller (Oct 16)
- RE: Mitigate FTP Pete.LeMay (Oct 17)
- RE: Mitigate FTP Thakrar, Saurabh (Oct 16)