[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ftp connection attempts

On Wed, Dec 20, 2000 at 09:16:43AM -0800, Michael Smith wrote:
> I've noticed a gradual increase in ftp attempts over the last month.  If you're
> not running ftp services, block out the port:
> ipchains -A input -p TCP -s -d 21 -j REJECT

you might want to add a rule that does [source|destination] port 20:21, as
well. i've seen quite a few scans that use that exact technique to try to
pass through my filters (after all, *I* want to use ftp, so it's only
obvious i allow remote port 20:21 to go unnoticed and unmolested).


When you are having a bad day, and it seems like everybody is trying to piss
you off, remember that it takes 42 muscles to produce a frown, but only 4
muscles to work the trigger of a good sniper rifle.

Reply to: