Re: Stopping multiple FTP connection attempts
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Wed, 31 Jan 2007 16:13:36 -0600
"Jimbo" <Jimbo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:79D81006-C42A-4137-B07E-14D7EFA45960@xxxxxxxxxxxxxxxx
> I have an FTP server that is getting multiple log on tries from unauthorized
> users (i.e. China, Eastern Europe, etc.). Is there a way to block an IP address
> after several attempts?
Not with built-in tools.
I use IPSec filters (with a little script to add in new addresses) but this
requires manually processing the log files and running the add util.
It could be automated but it involves some work.
> These attacks are stopping legit users from getting
> on. It is a Windows 2003 Server. The firewall is a WatchGuard SOHO 6, if
> this information helps.
There are dynamic firewalls that can do these types of things.
Snort, which is REALLY an "Intrusion Detection System" (IDS) rather
than a full-blown firewall, has some of this capability.
How would we "know" if a user's IP should be blocked? (I mean, if
you told me to stand there and watch it, how would I know to do it
or not, assuming I am really stupid but really good at following
instructions, sort of like a computer <grin>)
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
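
Added example, not part of the original post and not the poster's script: one way to make the "should this IP be blocked?" decision explicit, by counting rejected FTP logins per address in the server log. The log layout (IIS 6 FTP W3C extended logging with the fields shown), the sample lines, the function names and the threshold and window values are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the assumed IIS 6 FTP W3C extended layout (not from the thread).
SAMPLE_LOG = """\
#Date: 2007-01-31 16:00:00
#Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
16:00:01 203.0.113.5 [1]USER administrator 331 0
16:00:01 203.0.113.5 [1]PASS - 530 1326
16:00:03 203.0.113.5 [2]USER admin 331 0
16:00:03 203.0.113.5 [2]PASS - 530 1326
16:00:05 203.0.113.5 [3]USER test 331 0
16:00:05 203.0.113.5 [3]PASS - 530 1326
16:02:10 198.51.100.7 [4]USER alice 331 0
16:02:11 198.51.100.7 [4]PASS - 530 1326
16:02:30 198.51.100.7 [5]USER alice 331 0
16:02:31 198.51.100.7 [5]PASS - 230 0
"""

def failed_logins(lines):
    """Yield (timestamp, client_ip) for each rejected PASS command (FTP reply 530)."""
    date, fields = None, []
    for line in lines:
        line = line.strip()
        if line.startswith("#Date:"):
            date = line.split()[1]
        elif line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and date and fields:
            row = dict(zip(fields, line.split()))
            method = row.get("cs-method", "").split("]")[-1].upper()  # drop "[session]"
            if method == "PASS" and row.get("sc-status") == "530":
                when = datetime.strptime(date + " " + row["time"], "%Y-%m-%d %H:%M:%S")
                yield when, row["c-ip"]

def addresses_to_block(lines, threshold=3, window=timedelta(minutes=10), allow=()):
    """Return IPs with at least `threshold` failed logins inside any `window`."""
    recent, flagged = defaultdict(deque), set()
    for when, ip in failed_logins(lines):
        if ip in allow:  # never block known-good addresses
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return sorted(flagged)
```

The returned list is what a filter-adding script would consume. The `allow` tuple keeps a legitimate user who mistypes a password from being locked out by the same rule.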