Ideas for Securing my FTP Server

[nutjob.ie at gmail.com (Pat Moloney)]

First off you have not mentioned platform. I'm going to assume its non 
Microsoft and give Linux/unix suggestions.

Most of these will apply to SSH but can be easily tweaked for ftp

You could try Fail2Ban
http://www.fail2ban.org/wiki/index.php/Main_Page

Try here for rate limiting SSH example using Iptables.
http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables

BSD example for searching the SSH log and banning IPs
http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins


As for IDS someone with stronger foo might be able to help. I have never 
needed to deploy snort or any IDS so not aware of how it would/wouldn't 
handle this kind of attack.

I would suggest though than now is a really good time to implement an 
enforced strong password policy.

best of luck,
Pat



Shaun Curry wrote:
> Hello all!
>
> Does anyone have suggestions for my current situation?  I have found 
> that someone has been trying to brute-force login to my FTP Server, so 
> far they have been unsuccessful.  I don't think they are using any 
> tools or software to do this.  They have just been using a user name 
> like administrador and trying passwords til it times out.  I have 
> blocked his IP, but that can be changed easily.  I have his IP and 
> thats about it.  Can I simple change the port that my FTP connects 
> on?  This should reduce the risk of someone "stumbling" onto my ftp, 
> right?
>
> Any ideas on a cheap IDS (aka free) system that might catch something 
> like this in the future.
>
> Thanks
> Shaun
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com