Ideas for Securing my FTP Server

[raffi at flossyourmind.com (Raffi Jamgotchian)]

There are some Snort signatures that claim to detect "potential" brute  
force attacks but it seems to detect many hundreds/thousands of  
attempts within a few minutes.  You can modify that or looking at some  
of the bleeding edge/emerging threat signatures.

The simplest thing may be to have a script review your FTP logs and  
notify you if there are multiple unsuccessful logins.


On Mar 21, 2009, at 11:15 AM, Shaun Curry wrote:

> Hello all!
>
> Does anyone have suggestions for my current situation?  I have found  
> that someone has been trying to brute-force login to my FTP Server,  
> so far they have been unsuccessful.  I don't think they are using  
> any tools or software to do this.  They have just been using a user  
> name like administrador and trying passwords til it times out.  I  
> have blocked his IP, but that can be changed easily.  I have his IP  
> and thats about it.  Can I simple change the port that my FTP  
> connects on?  This should reduce the risk of someone "stumbling"  
> onto my ftp, right?
>
> Any ideas on a cheap IDS (aka free) system that might catch  
> something like this in the future.
>
> Thanks
> Shaun
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090321/5650c6c4/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
Url : http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090321/5650c6c4/attachment.pgp