Penetration Testing mailing list archives

Re: Mitigate FTP


From: "ॐ aditya mukadam ॐ" <aditya.mukadam () gmail com>
Date: Wed, 15 Oct 2008 09:33:14 +0530

Sarah Wahl <scwahl () gmail com> wrote:

  They have been seeing attacks which are most likely
coming from one person.  The attacker is using four different IPs
(ARIN shows them to be coming from Mexico, Canada and the US) with the
same brute force attack.
The attacker can't get through the firewall, so no damage so far.


The above two statements from your email are quite interesting. Some
clarification is needed to provide some suggestions/mitigation.

 If the firewall blocks FTP (using normal ACLs), then brute force is not
ideally possible because the attacker won't get prompted for a
username/password. What are the restrictions on the firewall for FTP? Can you
clarify if the firewall is blocking this because it's detecting a brute
force (higher-end firewalls can detect)? Alternately, how do we know
that the attacker is trying to brute force and where do we see those
logs (FTP server or firewall)?

Thanks,
Aditya Govind Mukadam



On Tue, Oct 14, 2008 at 7:16 AM, Sarah Wahl <scwahl () gmail com> wrote:
Hi All,
  I am working with a company who is using FTP and cannot switch to a
better protocol.  They have been seeing attacks which are most likely
coming from one person.  The attacker is using four different IPs
(ARIN shows them to be coming from Mexico, Canada and the US) with the
same brute force attack.  They are trying to guess user names using a
tool (don't know why they aren't just trying to sniff traffic). The
attacker can't get through the firewall, so no damage so far.  Do you
have any other suggestions for trying to catch the attacker and any
other mitigations? Any ideas would be greatly appreciated.

Thank you very much,
Sarah

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
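
Added example, not part of the original thread: one way to answer the "where do we see those logs" question from the FTP server side, by counting failed logins per source and linking sources that guess the same usernames. It assumes a vsftpd-style log line; the sample lines, IPs (documentation ranges), usernames and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample in vsftpd's log style (assumed server; not from the thread).
SAMPLE_LOG = """\
Tue Oct 14 02:10:01 2008 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.10"
Tue Oct 14 02:10:03 2008 [pid 4102] [test] FAIL LOGIN: Client "203.0.113.10"
Tue Oct 14 02:10:05 2008 [pid 4103] [ftpuser] FAIL LOGIN: Client "203.0.113.10"
Tue Oct 14 02:40:11 2008 [pid 4150] [admin] FAIL LOGIN: Client "198.51.100.7"
Tue Oct 14 02:40:13 2008 [pid 4151] [test] FAIL LOGIN: Client "198.51.100.7"
Tue Oct 14 02:40:15 2008 [pid 4152] [ftpuser] FAIL LOGIN: Client "198.51.100.7"
Tue Oct 14 03:05:20 2008 [pid 4200] [admin] FAIL LOGIN: Client "192.0.2.44"
Tue Oct 14 03:05:22 2008 [pid 4201] [test] FAIL LOGIN: Client "192.0.2.44"
Tue Oct 14 03:05:24 2008 [pid 4202] [oracle] FAIL LOGIN: Client "192.0.2.44"
Tue Oct 14 09:00:01 2008 [pid 4300] [jsmith] FAIL LOGIN: Client "192.0.2.200"
Tue Oct 14 09:00:09 2008 [pid 4301] [jsmith] FAIL LOGIN: Client "192.0.2.200"
Tue Oct 14 09:00:15 2008 [pid 4302] [jsmith] OK LOGIN: Client "192.0.2.200"
"""

# A line like this on the FTP server means the firewall let port 21 through.
LINE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]+)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"')

def failed_logins(log_text):
    """Map source IP -> list of usernames it failed to log in as."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m and m.group("result") == "FAIL":
            attempts[m.group("ip")].append(m.group("user"))
    return dict(attempts)

def suspects(attempts, min_failures=3, min_users=3):
    """Sources failing against many distinct usernames (guessing, not a typo)."""
    return {ip: set(users) for ip, users in attempts.items()
            if len(users) >= min_failures and len(set(users)) >= min_users}

def linked_sources(sus, min_jaccard=0.5):
    """Pairs of suspect IPs whose guessed-username sets overlap (Jaccard index)."""
    links = []
    for a, b in combinations(sorted(sus), 2):
        j = len(sus[a] & sus[b]) / len(sus[a] | sus[b])
        if j >= min_jaccard:
            links.append((a, b, round(j, 2)))
    return links

if __name__ == "__main__":
    print(linked_sources(suspects(failed_logins(SAMPLE_LOG))))
```

If the FTP server log shows no such entries and only the firewall logs denied connections to port 21, the sources never reached a login prompt.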




