From: Pete.LeMay (pete.lemay@whro.org)
Date: Tue Oct 14 2008 - 12:48:24 CDT
I've been using a variation of the scripts here,
http://blog.netnerds.net/category/iis/. Hers looks for failed login
attempts as administrator and bans the IP, but you can modify it to look
for whatever login(s) you want and block the IP.
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Sarah Wahl
Sent: Monday, October 13, 2008 9:47 PM
To: pen-test@securityfocus.com
Subject: Mitigate FTP
Hi All,
I am working with a company who is using FTP and cannot switch to a
better protocol. They have been seeing attacks which are most likely
coming from one person. The attacker is using four different IPs
(ARIN shows them to be coming from Mexico, Canada and the US) with the
same brute force attack. They are trying to guess user names using a
tool (don't know why they aren't just trying to sniff traffic). I have
suggested putting in a honey pot to try and catch the attacker and
they have locked down the service as best as possible given the fact
they are still having to use FTP. It is being run on IIS 6.0. The
attacker can't get through the firewall, so no damage so far. Do you
have any other suggestions for trying to catch the attacker and any
other mitigations? Any ideas would be greatly appreciated.
Thank you very much,
Sarah
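
The approach described in the reply above (scan the FTP log for failed logins and pick out the source addresses to ban), as an added example that is not part of the original thread or of the linked scripts. It assumes IIS 6.0 FTP logging in W3C extended format with the fields named in the sample's `#Fields` line; the log lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample (assumed IIS 6.0 FTP W3C layout; documentation-range IPs).
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
02:11:04 192.0.2.10 [1]USER administrator 331 0
02:11:04 192.0.2.10 [1]PASS - 530 1326
02:11:05 192.0.2.10 [2]USER admin 331 0
02:11:05 192.0.2.10 [2]PASS - 530 1326
02:11:06 192.0.2.10 [3]USER administrator 331 0
02:11:06 192.0.2.10 [3]PASS - 530 1326
02:12:30 198.51.100.7 [4]USER jsmith 331 0
02:12:31 198.51.100.7 [4]PASS - 530 1326
02:12:40 198.51.100.7 [5]USER jsmith 331 0
02:12:41 198.51.100.7 [5]PASS - 230 0
02:13:00 203.0.113.5 [6]USER Administrator 331 0
02:13:00 203.0.113.5 [6]PASS - 530 1326
"""

METHOD = re.compile(r"^\[(\d+)\](\w+)$")  # "[session]VERB" as logged in cs-method

def failed_logins(log_text, watch_users=None):
    """Count PASS commands answered with 530 per client IP.
    watch_users: optional set of lowercase account names to restrict to."""
    fields, pending, failures = [], {}, Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # honour whatever field order is logged
            continue
        values = line.split()
        if line.startswith("#") or not fields or len(values) != len(fields):
            continue                       # directive, blank or malformed line
        rec = dict(zip(fields, values))
        m = METHOD.match(rec.get("cs-method", ""))
        if not m or "c-ip" not in rec:
            continue
        session, verb = (rec["c-ip"], m.group(1)), m.group(2).upper()
        if verb == "USER":                 # remember the name until PASS arrives
            pending[session] = rec.get("cs-uri-stem", "").lower()
        elif verb == "PASS":
            user = pending.pop(session, "")
            if rec.get("sc-status") == "530" and (watch_users is None or user in watch_users):
                failures[rec["c-ip"]] += 1
    return failures

def ips_to_block(log_text, threshold=3, watch_users=None, allowlist=()):
    """Addresses at or over the failure threshold, minus known-good sources."""
    counts = failed_logins(log_text, watch_users)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allowlist)
```

The returned list is what a scheduled job would feed into the firewall or the FTP site's IP restrictions; keep an allowlist of known partner addresses so a mistyped password cannot lock out a legitimate user.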