Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Mitigate FTP

From: "Sarah Wahl" <scwahl () gmail com>
Date: Mon, 13 Oct 2008 19:46:54 -0600
Hi All,
   I am working with a company who is using FTP and cannot switch to a
better protocol.  They have been seeing attacks which are most likely
coming from one person.  The attacker is using four different IPs
(ARIN shows them to be coming from mexico, canada and the US) with the
same brute force attack.  They are trying to guess user names using a
tool (don't know why they aren't just trying to sniff traffic). I have
suggested putting in a honey pot to try and catch the attacker and
they have locked down the service as best as possible given the fact
they are still having to use FTP.  It is being run on IIS 6.0. The
attacker can't get through the firewall, so no damage so far.  Do you
have any other suggestions for trying to catch the attacker and any
other mitigations? Any ideas would be greatly appreciated.

Thank you very much,
Sarah

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: