Home All Groups Group Topic Archive Search About

ftp brute force attacks

microsoft.public.inetserver.iis.security
Author
3 Apr 2006 1:16 PM
MikeV06
I have been getting a bunch of brute force attempted logins to account
Administrator on my ftp server (IIS 6). I have got the appropriate changes
to my server to make the attacks no more than troublesome. I do have a
couple of questions though.

Are there any changes one can make to prevent continuous failed login
attempts on ftp? I find it difficult to believe that one cannot stop such
activity, even on an account that does not exist. Maybe a portsentry type
of program for windows? Any advice?

I normally just add the range of ip addresses from the offending isp to my
ftp and web server directory security deny list. However, sometimes the
offending ip requires several ranges to block them completely, such as
those from Korea. I have been using a Linux program called cidr_range.pl
which will take the ip range and convert it into the network ips needed to
cover the entire range.

cidr_range first_ip second_ip gives nnn.0.0.0/nn type of information.

Does such a program exist for windows?

Thanks.

Author
4 Apr 2006 2:39 AM
Bernard Cheah [MVP]
I have not seen one yet. typically in the past, I did it at firewall level -
checkpoint.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


Show quoteHide quote
"MikeV06" <m*@privacy.net> wrote in message
news:1a7jsqpklicaq.dlg@mycomputer06.invalid.com...
>I have been getting a bunch of brute force attempted logins to account
> Administrator on my ftp server (IIS 6). I have got the appropriate changes
> to my server to make the attacks no more than troublesome. I do have a
> couple of questions though.
>
> Are there any changes one can make to prevent continuous failed login
> attempts on ftp? I find it difficult to believe that one cannot stop such
> activity, even on an account that does not exist. Maybe a portsentry type
> of program for windows? Any advice?
>
> I normally just add the range of ip addresses from the offending isp to my
> ftp and web server directory security deny list. However, sometimes the
> offending ip requires several ranges to block them completely, such as
> those from Korea. I have been using a Linux program called cidr_range.pl
> which will take the ip range and convert it into the network ips needed to
> cover the entire range.
>
> cidr_range first_ip second_ip gives nnn.0.0.0/nn type of information.
>
> Does such a program exist for windows?
>
> Thanks.



Post Other interesting topics
Do I really need a wild card certificate ?
Restricting IIS from serving static content
Iusr_Servername NetworkPrinter
Security of Webpage
Simple Anonymous Access question
Common Name question
Communicator Web Access Authentication Not Working
IIS and enterpise sub CA on different machines
run cgi in localhost without SSL?
BIN Directory being hidden automatically