Somebody trying Password guessing thru the ftp 2

Status
Not open for further replies.

marslove

IS-IT--Management
Apr 18, 2007
30
US
Somebody is trying password guessing thru the FTP. Does anybody know how to block those attempts on a Cisco router?
Thanks
 
ACL to block all FTP requests?

Need a little more information though.
 
Windows? Download Solaris 10 for x86 (free) and install it on a junker---UNIX is better. The free FTP service in UNIX can be configured for non-anonymous access.

Burt
 
The FTP box is Windows, behind a Cisco router; I used port mapping to the FTP box. Somebody is doing a BRUTE FORCE attack through port 21. Temporarily disabled the mapping till I find a remedy.

Thanks
 
They will brute force no matter what---kids from the University of Beijing, China (or a server there being used as a proxy) usually. Just make a strong password, and turn it off when you don't need it. Or, make the port mapping use a different port, like 2121. You could make ACLs in the router to allow only certain people, but if anyone has access, then that won't work. Also, there are CAR/policy maps to limit bandwidth for FTP. I turn mine off during the day myself---not too worried about it. Not much on the FTP server, and ACLs to block everyone from hopping from the FTP server to anywhere else in my network.

Burt
 
I read an article a while back about how North American companies are beginning to block IPs that originate from hostile countries (internet-wise), so I did the same thing. My company is based solely in North America and has no dealings with China, Korea, Vietnam, Germany, etc., so we have no reason to allow access from those areas of the world. I found a site that lists each country's IP blocks, turned it into an ACL, and threw it on our router that sits in front of our firewall.

The port scanning virtually disappeared while watching the PIX realtime log. The ACL on the router is very revealing... after a month some of the deny statements had over half a million hits.

Obviously this isn't a solution for everyone but it works great for us. I put it on all of our edge routers throughout the company. Later!

Dan
 
I did that at one time, until I couldn't get to Google anymore! I went to dns-stuff.com to get the IP block from the attacker, and blocked the whole thing. It worked for like 20 blocks, then suddenly Google was in one of those blocks...lol

Burt
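Dan's approach above (turn a list of address blocks into a router ACL) and Burt's caveat (a broad block can take a service you need, like Google, down with it) can both be handled mechanically. The following is an added example, not code from the thread or from any vendor: it converts CIDR blocks into Cisco extended-ACL `deny` lines with the inverted wildcard mask IOS expects, and checks a list of addresses the business must keep reachable against the deny blocks before the ACL is applied. All CIDRs and addresses are constructed documentation ranges, not a real country list; the ACL name and the explicit `permit` lines for must-allow hosts are assumptions about how you would structure your own list.

```python
import ipaddress

# Constructed sample deny blocks (RFC 5737 documentation ranges, NOT a real country list).
COUNTRY_BLOCKS = [
    "198.51.100.0/24",
    "203.0.113.0/24",
    "192.0.2.0/25",
]

# Constructed placeholders for addresses the business must still reach
# (the "suddenly Google was in one of those blocks" case).
MUST_ALLOW = ["203.0.113.77", "192.0.2.200"]


def wildcard_mask(cidr: str) -> str:
    """Cisco ACLs use an inverted mask: 0 bits must match, 1 bits are don't-care.
    ipaddress exposes exactly that as the network's hostmask."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.hostmask)


def overblocked(blocks, must_allow):
    """Return (address, block) pairs where a required address falls inside a deny block.
    Run this BEFORE pushing the ACL; any hit means the block is too broad for you."""
    nets = [ipaddress.ip_network(b, strict=False) for b in blocks]
    hits = []
    for addr in must_allow:
        ip = ipaddress.ip_address(addr)
        for net in nets:
            if ip in net:
                hits.append((addr, str(net)))
    return hits


def build_acl(blocks, must_allow, name="EDGE-IN"):
    """Emit an IOS extended ACL: explicit permits for must-allow hosts first
    (so a wide deny cannot swallow them), then logged denies, then permit any."""
    lines = [f"ip access-list extended {name}"]
    for addr in must_allow:
        lines.append(f" permit ip host {addr} any")
    for block in blocks:
        net = ipaddress.ip_network(block, strict=False)
        if net.num_addresses == 1:
            lines.append(f" deny ip host {net.network_address} any log")
        else:
            lines.append(f" deny ip {net.network_address} {wildcard_mask(block)} any log")
    lines.append(" permit ip any any")
    return "\n".join(lines)


if __name__ == "__main__":
    for addr, net in overblocked(COUNTRY_BLOCKS, MUST_ALLOW):
        print(f"WARNING: {addr} is inside deny block {net}")
    print(build_acl(COUNTRY_BLOCKS, MUST_ALLOW))
```

The `log` keyword is what gives you the hit counters Dan describes; the permits for required hosts are placed first because IOS evaluates ACL entries top to bottom and stops at the first match.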
 
Wait...you have a PIX? You could just turn on the IDS in your PIX. Or, if you wanted to, you can turn off ICMP, as when they are searching for a server they will ping it first to see if it's there.

If you are using a 3rd party FTP application for your FTP server, I'm sure they have a brute force blocker type deal.
Yeah, that's a tech term for ya!
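The "brute force blocker type deal" mentioned above is, at its core, a counter of failed logins per source address inside a time window. The following is an added example, not code from the thread or from any FTP product: it reads failed-login records, flags any source that reaches a threshold of failures within a sliding window, and emits a Cisco extended ACL that drops only that source's traffic to port 21 (rather than blocking a whole address range). The log lines are constructed in a simple `date time source user result` form; real FTP servers use their own log formats, so `parse_line` would need adjusting for yours.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (placeholder format, RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2007-04-18 02:11:03 198.51.100.23 administrator FAIL
2007-04-18 02:11:04 198.51.100.23 admin FAIL
2007-04-18 02:11:04 198.51.100.23 root FAIL
2007-04-18 02:11:05 198.51.100.23 ftp FAIL
2007-04-18 02:11:06 198.51.100.23 test FAIL
2007-04-18 02:12:40 203.0.113.5 dan FAIL
2007-04-18 02:12:55 203.0.113.5 dan OK
2007-04-18 03:30:00 198.51.100.23 admin FAIL
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, source, user, result)."""
    date, time, src, user, result = line.split()
    when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return when, src, user, result


def find_brute_forcers(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source: first-trip time (ISO string)} for sources that reach
    `threshold` failed logins inside any span of length `window`.
    A deque per source holds only failures still inside the window, so
    one failure an hour later (a real user with a typo) does not trip it."""
    recent = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, src, _user, result = parse_line(line)
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = when.isoformat(sep=" ")
    return flagged


def acl_for(flagged, name="FTP-BLOCK", port=21):
    """Emit an IOS extended ACL that drops only the flagged hosts' traffic to the FTP port
    and leaves everything else alone; apply it inbound on the outside interface."""
    lines = [f"ip access-list extended {name}"]
    for src in sorted(flagged):
        lines.append(f" deny tcp host {src} any eq {port} log")
    lines.append(" permit ip any any")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_brute_forcers(SAMPLE_LOG)
    for src, when in hits.items():
        print(f"{src} tripped the threshold at {when}")
    print(acl_for(hits))
```

If the FTP service is published on a non-standard port as Burt suggested (2121 instead of 21), pass that port to `acl_for`; the source address is still what you want to match, not the port you chose.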
 