Re: Mitigate FTP

["exzactly" <exzactly () hotmail com>]

Depending on what type of FW and/or IPS system you have you can set it up to 
block brute force attacks, most IPS systems have settings to deny repeated 
requests from the same set of IP addresses. I have used this function in a 
few different ones.

----- Original Message ----- 
From: "Sarah Wahl" <scwahl () gmail com>
To: <pen-test () securityfocus com>
Sent: Monday, October 13, 2008 6:46 PM
Subject: Mitigate FTP


> Hi All,
>   I am working with a company who is using FTP and cannot switch to a
> better protocol.  They have been seeing attacks which are most likely
> coming from one person.  The attacker is using four different IPs
> (ARIN shows them to be coming from mexico, canada and the US) with the
> same brute force attack.  They are trying to guess user names using a
> tool (don't know why they aren't just trying to sniff traffic). I have
> suggested putting in a honey pot to try and catch the attacker and
> they have locked down the service as best as possible given the fact
> they are still having to use FTP.  It is being run on IIS 6.0. The
> attacker can't get through the firewall, so no damage so far.  Do you
> have any other suggestions for trying to catch the attacker and any
> other mitigations? Any ideas would be greatly appreciated.
>
> Thank you very much,
> Sarah
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------