[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] FTP Scans
- Subject: Re: [cobalt-security] FTP Scans
- From: Charlie Clemmer <cclemmer@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 17 Nov 2001 15:42:05 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
If there's no legitimate reason for uses in these domains to be
accessing FTP on your RAQs, why not just create an IPChains rule to
block FTP requests from these address blocks? That way, valid users
from these ISPs can still email and pull http content from your box,
without having other security concerns open.
Then I would suggest you contact them and demand they do something
about their security. Most of my site traffic comes from the US, but
most of the hacking attempts come from Germany, France and China.
While I have had some problems for US ISPs, they are usually
responsive and the problem is resolved. It is not the same with
t-dialin.net or wanadoo.fr. So if blocking access to the entire
country is what it takes to reduce the potential threat, then I am
afraid that is what must be done.