Re: ftp connection attempts
On Wed, Dec 20, 2000 at 09:16:43AM -0800, Michael Smith wrote:
> I've noticed a gradual increase in ftp attempts over the last month. If you're
> not running ftp services, block out the port:
> ipchains -A input -p TCP -s 0.0.0.0/0 -d 0.0.0.0/0 21 -j REJECT
You might want to add a rule that does [source|destination] port 20:21, as
well. I've seen quite a few scans that use that exact technique to try to
pass through my filters (after all, *I* want to use ftp, so it's only
obvious I allow remote port 20:21 to go unnoticed and unmolested).
When you are having a bad day, and it seems like everybody is trying to piss
you off, remember that it takes 42 muscles to produce a frown, but only 4
muscles to work the trigger of a good sniper rifle.
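
Added example, not part of the original thread: a Python sketch that scans ipchains-style packet-log lines for the source-port 20:21 probes described in the reply above, flagging inbound TCP SYNs from port 20 or 21 that do not look like FTP. The log-line format, the two heuristics and the sample lines (documentation addresses) are assumptions constructed for this illustration.

```python
import re

# Assumed "ipchains -l" style line:
#   Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ... [SYN] (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)(?P<rest>.*)$"
)
FTP_PORTS = {20, 21}

def classify(line):
    """Return (src, sport, dst, dport, reason) for a suspicious line, else None."""
    m = LOG_RE.search(line)
    if not m or m["chain"] != "input" or m["proto"] != "6":
        return None                      # only inbound TCP is of interest
    sport, dport = int(m["sport"]), int(m["dport"])
    if sport not in FTP_PORTS or " SYN" not in m["rest"]:
        return None                      # not from 20/21, or not a new connection
    if sport == 21:
        reason = "SYN from port 21: FTP servers do not open connections from the control port"
    elif dport < 1024:
        reason = "SYN from port 20 to a privileged port: not an active-mode data connection"
    else:
        return None                      # plausible active-mode FTP data connection
    return (m["src"], sport, m["dst"], dport, reason)

def scan(lines):
    """Classify every line and keep only the suspicious hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE = [
    "Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:20 192.0.2.10:111 L=60 S=0x00 I=4242 F=0x0000 T=52 SYN (#4)",
    "Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:21 192.0.2.10:6000 L=60 S=0x00 I=4243 F=0x0000 T=52 SYN (#4)",
    "Packet log: input ACCEPT eth0 PROTO=6 203.0.113.5:20 192.0.2.10:32811 L=60 S=0x00 I=911 F=0x4000 T=57 SYN (#4)",
    "Packet log: input ACCEPT eth0 PROTO=6 203.0.113.5:21 192.0.2.10:32810 L=52 S=0x10 I=912 F=0x4000 T=57 (#4)",
    "Packet log: input REJECT eth0 PROTO=6 198.51.100.9:4312 192.0.2.10:21 L=60 S=0x00 I=77 F=0x0000 T=49 SYN (#2)",
    "Packet log: input ACCEPT eth0 PROTO=17 198.51.100.7:20 192.0.2.10:53 L=34 S=0x00 I=18 F=0x0000 T=52 (#5)",
]

if __name__ == "__main__":
    for src, sport, dst, dport, reason in scan(SAMPLE):
        print(f"{src}:{sport} -> {dst}:{dport}  {reason}")
```

A SYN from port 20 to a high port is left alone here because it cannot be told apart from a real active-mode data connection without knowing whether a control connection to that host exists.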