Re: People trying to hack my MS FTP server (but they're not getting in)

You will probably find that the IP is part of an ISP's range of dynamic IP
addresses for customers.

Most will simply not bother to look it up but you never know...

Checkout this freeware tool to identify who owns the IP Address
http://www.itoolpad.com/products/iplookup/#screen

--
cheers

Chris

Chris Crowe [MVP 2005/2006]
http://blog.crowe.co.nz



"Spin" <Spin@xxxxxxxx> wrote in message
news:3rl4mcFk5oe5U1@xxxxxxxxxxxxxxxxx
> Experts,
>
> Periodic review of my system event logs indicate multiple attempts from
> the
> same IP address to logon to my MS FTP server with accounts which do not
> exist. I then jumped over to the C:\WINDOWS\system32\LogFiles\MSFTPSVC1
> directory and reviewed the text file logs of the same date. Lo an behold,
> this is where I verified that six times within the last 30 days, multiple
> attempts from the same IP address to logon to my MS FTP server with
> accounts
> which do not exist. Like on the first of the month it would be from one
> IP,
> a few days later from another, etc. The 230, 331, 550 indicate that they
> are not getting in (I do not allow anonymous logon). From the security
> tab
> of the FTP Service properties, I have denied these IP addresses
> individually
> to prevent further attacks from them. I have no doubt that I will
> continue
> to have to do this, the nature of the Internet being what it is today.
>
> My next question is, I wonder if I can go after the owner of these IP
> addresses in court, for (1) attempting to hack into my system and (2)
> using
> up system resources while doing so. None of these attacks last for more
> than two minutes though.
>
>


.

Relevant Pages

  • People trying to hack my MS FTP server (but theyre not getting in)
    ... Periodic review of my system event logs indicate multiple attempts from the ... attempts from the same IP address to logon to my MS FTP server with accounts ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: People trying to hack my MS FTP server (but theyre not getting in)
    ... failed to logon due to an incorrect username or password. ... Windows Server 2003/2000/NT; CCA ... attempts from the same IP address to logon to my MS FTP server with accounts ... to prevent further attacks from them. ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: User Login
    ... filtering so that only this group gets the deny logon locally privilegs. ... the domain group called Domain Users is a member of the local ... put those user accounts into domain group and apply a GPO to the OU ... "Meinolf Weber" wrote: ...
    (microsoft.public.windows.server.active_directory)
  • Re: Account Lockout Policies
    ... Deleting user accounts after 30 days of inactivity allows a windows of opportunity of 30 days for an ex-user to re-use the network. ... If a technical solution is unavoidable due to a lack of management buy-in, there are a few ways that it can be achieved. ... Ascertain from those logs when users last logged in and add 30 days. ... From the users logon script, touch a unique file in a common area. ...
    (microsoft.public.security)
  • Re: Disabling Interactive Logon Against Security Group
    ... A less that fully perfect route to consider would be a logon script ... for those accounts that inquires as to what machine is being logged ... question "disable interactive logon privilages against specific OU/User ... If you set this in a GPO then the list that is to be denied that you ...
    (microsoft.public.security)