Penetration Testing mailing list archives

Re: Mitigate FTP

From: "Shreyas Zare" <shreyas () technitium com>
Date: Wed, 15 Oct 2008 00:00:37 +0530

Hi,

As you know the IP addresses, just do WhoIs for the ISP details and
make a formal complaint through email if the attack is continuously
repeating for days.

Regards,

On Tue, Oct 14, 2008 at 7:16 AM, Sarah Wahl <scwahl () gmail com> wrote:


Hi All,
  I am working with a company who is using FTP and cannot switch to a
better protocol.  They have been seeing attacks which are most likely
coming from one person.  The attacker is using four different IPs
(ARIN shows them to be coming from mexico, canada and the US) with the
same brute force attack.  They are trying to guess user names using a
tool (don't know why they aren't just trying to sniff traffic). I have
suggested putting in a honey pot to try and catch the attacker and
they have locked down the service as best as possible given the fact
they are still having to use FTP.  It is being run on IIS 6.0. The
attacker can't get through the firewall, so no damage so far.  Do you
have any other suggestions for trying to catch the attacker and any
other mitigations? Any ideas would be greatly appreciated.

Thank you very much,
Sarah

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------




--
("There are only 10 kinds of people in this world: those who know
binary and those who don't.")

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Join Sci-Tech News group and get the latest science & technology news
in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
to join.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Current thread:

Mitigate FTP Sarah Wahl (Oct 14)
- Re: Mitigate FTP exzactly (Oct 14)
- RE: Mitigate FTP Craig Wilson (Oct 14)
- Re: Mitigate FTP David Glosser (Oct 14)
  - Re: Mitigate FTP Taufiq Ali (Oct 15)
    - Re: Mitigate FTP Matt - MRS Security (Oct 15)
- RE: Mitigate FTP Pete.LeMay (Oct 14)
- Re: Mitigate FTP Shreyas Zare (Oct 14)
- Re: Mitigate FTP ॐ aditya mukadam ॐ (Oct 15)
- Re: Mitigate FTP Sarah Wahl (Oct 16)
  - RE: Mitigate FTP Thakrar, Saurabh (Oct 16)
    - RE: Mitigate FTP Gary E. Miller (Oct 16)
    - RE: Mitigate FTP Pete.LeMay (Oct 17)
    - RE: Mitigate FTP Gary E. Miller (Oct 17)
    - RE: Mitigate FTP Pete.LeMay (Oct 17)
    - Re: Mitigate FTP Augusto Augusto (Oct 17)
- <Possible follow-ups>
- RE: Mitigate FTP christopher . riley (Oct 15)