Re: ftp connection attempts

To: debian-security@lists.debian.org
Subject: Re: ftp connection attempts
From: debian@TGR.yi.org (Jan Martin Mathiassen)
Date: Wed, 20 Dec 2000 19:13:56 +0100
Message-id: <[🔎] 20001220191356.A2522@TGR.yi.org>
In-reply-to: <[🔎] 3A40E97B.C1A8275E@authtrans.com>; from rybolov@authtrans.com on Wed, Dec 20, 2000 at 09:16:43AM -0800
References: <[🔎] 20001220164154.D29506@gurkensalat.interface-business.de> <[🔎] 3A40E97B.C1A8275E@authtrans.com>

On Wed, Dec 20, 2000 at 09:16:43AM -0800, Michael Smith wrote:
> I've noticed a gradual increase in ftp attempts over the last month.  If you're
> not running ftp services, block out the port:
> ipchains -A input -p TCP -s 0.0.0.0/0 -d 0.0.0.0/0 21 -j REJECT

you might want to add a rule that does [source|destination] port 20:21, as
well. i've seen quite a few scans that use that exact technique to try to
pass through my filters (after all, *I* want to use ftp, so it's only
obvious i allow remote port 20:21 to go unnoticed and unmolested).

-- 
-m

When you are having a bad day, and it seems like everybody is trying to piss
you off, remember that it takes 42 muscles to produce a frown, but only 4
muscles to work the trigger of a good sniper rifle.

Reply to:

References:
- ftp connection attempts
  - From: Thomas Guettler <guettli@interface-business.de>
- Re: ftp connection attempts
  - From: Michael Smith <rybolov@authtrans.com>

Prev by Date: Re: ftp connection attempts
Next by Date: in.ftpd (from ftpd package) vulnerable to recent exploits?
Previous by thread: Re: ftp connection attempts
Next by thread: Re: ftp connection attempts
Index(es):
- Date
- Thread