Re: [cobalt-security] Conclusion of "Is this coincidence or what - FTP Scans"
- Subject: Re: [cobalt-security] Conclusion of "Is this coincidence or what - FTP Scans"
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 17 Oct 2001 19:38:56 +0200
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Render-Vue,
> To carry on what other people have been saying the scans from
> dip.t-dialin.net and abo.wanadoo.fr happen to our servers on a daily basis
dip.t-dialin.net are DSL users from T-Online, the online branch of Deutsche
Telekom. That's what I use myself.
Complaining to T-Online is futile. They have more than seven million users
and have cut down hard on support, so unless you have a smoking gun in hand
and a corpse to prove it, they won't raise an eyebrow.
Similar things apply for all the big ISPs like home.net, wanadoo.fr,
mindspring, <choke> AOL and others.
> I know they haven't breached the server but as someone mentioned it does
> get annoying seeing the same network and IPs coming up...what do you do if
> the ISP can't take matters like this seriously :<
Of course. You see, I have a temporary and a permanent banlist on my server,
containing all the IP addresses and subnets which I block. If there's a
repeat offender in there, then I have no problem with banning the entire
class A or B net of one of the big fishes and use ipchains to deny them
anything except access to port 80, 53 and 25 - IF they're lucky.
There is one thing I will most likely do about FTP: I'll shut it down
completely and use a modified version of the POPrelayD-script to reopen the
service. So if a customer wants to use FTP, then he has to check his email
first, which will unlock FTP for his IP address for a short while. Shouldn't
be that complicated to implement.
Another option which I contemplated is replacing FTP with "scp", the
secure copy which comes with SSH. Fully encrypted transfer and there is a
freeware windows client (WinSCP) available which looks and feels a lot like
WS_FTP. But I still have a couple of customers which don't speak English and
which most likely will be unable to handle software which has an English
user-interface.
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6081-946240
Eppsteiner Weg 9 ___ D-61267 Neu-Anspach ___ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
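
Added example (not part of the message above and not the POPrelayD script): a sketch of the "check mail first, then FTP opens for that IP for a short while" idea, turning successful POP3 logins into expiring ipchains allow rules ahead of a default deny on port 21. The log format, the 15-minute lifetime and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample log; this line format is an assumption, real POP3 daemons differ.
SAMPLE_LOG = """\
2001-10-17 19:00:05 pop3d: login user=alice ip=192.0.2.10
2001-10-17 19:02:40 pop3d: auth failed user=bob ip=198.51.100.7
2001-10-17 19:20:00 pop3d: login user=carol ip=203.0.113.44
2001-10-17 19:21:13 pop3d: login user=mallory ip=999.1.1.1
"""

LOGIN_RE = re.compile(r"^(\S+ \S+) pop3d: login user=\S+ ip=(\S+)$")


def active_grants(log_text, now, ttl=timedelta(minutes=15)):
    """Map each client IP to the expiry time of its still-valid FTP grant."""
    grants = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue  # failed logins and unrelated lines never open FTP
        try:
            seen = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue  # never hand a malformed log field to the firewall
        expiry = seen + ttl
        if seen <= now < expiry:
            # A repeated login extends the grant instead of shortening it.
            grants[ip] = max(expiry, grants.get(ip, expiry))
    return grants


def ftp_rules(grants):
    """Render the input-chain rules: per-IP accepts first, then deny port 21."""
    rules = [f"ipchains -A input -p tcp -s {ip}/32 -d 0/0 21 -j ACCEPT"
             for ip in sorted(grants)]
    # Only the FTP control port is covered here; data ports need their own rules.
    rules.append("ipchains -A input -p tcp -d 0/0 21 -j DENY")
    return rules


if __name__ == "__main__":
    now = datetime(2001, 10, 17, 19, 25, 0)
    for rule in ftp_rules(active_grants(SAMPLE_LOG, now)):
        print(rule)
```

Rebuilding the rule set from the log on a timer makes expiry automatic: an address whose last login is older than the lifetime simply stops appearing in the output.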