First SSH now VSFTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Use iptables to fw the ip,

do a whois on the ip to  find out who owns it. Also check the reverse lookup

See if there is a web server running at the ip address, if yes see what 
the content is.

Finally contact the owner of the IP as the ip address may be that of a 
box that has been used as a staging post and it has been compromised itself.

If vsftp uses the TCP wrapper, you can specify the frequency and number 
of connections in hosts.allow,  I don't use vsftp but I don't actually 
think it does use the wrapper, but it can be configured to...

This article shows both method of running it:

http://www.linuxfocus.org/English/July2004/article341.shtml

This might be useful too:

http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/

Hope this helps

P.



John Hinton wrote:
> Seems the script kiddies are now hitting vsftp with dictionary 
> attacks. I had three boxes showing around 12000 attempts from one IP 
> yesterday.
>
> My thoughts are that there should be an upstream solution for this 
> which is then supported by the upstream vendor. Yes, I know there are 
> several 'other' solutions, but I'd really like to stay mainstream and 
> use a supported method for dealing with these issues. I can't help but 
> view them as security issues.
>
> Best,
> John Hinton
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux