Help Please, FTP attack on my server :(

Networking/Security Forums -> Connectivity // Telecommunications // Internet News

Author: jvieramacbook    Posted: Fri Nov 28, 2008 4:35 pm    Post subject: Help Please, FTP attack on my server :(
    ----
Hi all, my first time on this forum. I am a network engineering student in college and need some help. I have discovered an FTP attack on my web server. This is not the first time this has happened. I want to somehow take action against these guys. Below is a capture of the packets going into my server:
http://www.mediafire.com/?nm4zzzin2jz
Just use a program like Wireshark to read it (free multi-platform packet reader).
Here is the info I was able to pull up on the guy (and my info says it's not behind a proxy):
inetnum: 211.152.32.0 - 211.152.63.255
netname: SH-21VIANET
country: CN
descr: 21vianet (shanghai), Inc.
descr: 129 Yan An Rd(W.) Shanghai, China
admin-c: XL442-AP
tech-c: YW605-AP
status: ALLOCATED PORTABLE
changed: ipas@cnnic.cn 20060224
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNCGROUP-RR
source: APNIC

person: Xiaoqiu Liu
nic-hdl: XL442-AP
e-mail: liu.xiaoqiu@21vianet.com
address: 129 Yan An Rd(W.) Shanghai, China
phone: +86-021-62499933-5190
fax-no: +86-021-62499901
country: CN
changed: ipas@cnnic.net.cn 20050920
mnt-by: MAINT-CNNIC-AP
source: APNIC

Can anyone assist me with what my next step should be?

Author: razta    Location: 127.0.0.1    Posted: Sat Nov 29, 2008 7:09 pm    Post subject:
    ----
Block the IP range from accessing your FTP server. Contact 21vianet.com and inform them of the attack. Hope that helps.

Author: jvieramacbook    Posted: Sun Nov 30, 2008 3:24 am    Post subject:
    ----
Thank you. The advice is appreciated.

Author: Carlo Gambino    Location: Ohio, USA    Posted: Fri Dec 05, 2008 6:34 am    Post subject:
    ----
This happened to me recently as well.

The server wasn't up for 2 days when I noticed FTP attack attempts from China. I don't know what their deal is, but simply blocking the IP range seems to have worked so far... until I get a honeypot set up ;)
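
Added example (not part of any post in this thread): the "block the IP range" advice from both replies, worked through for the inetnum range in the whois output above. It converts the range to CIDR blocks and builds the matching firewall rules as strings only; the function names and the choice of iptables on a Linux host are assumptions, since the thread does not say what the server runs.

```python
import ipaddress
import re

# inetnum line exactly as quoted in the whois output in the first post
WHOIS_INETNUM = "inetnum: 211.152.32.0 - 211.152.63.255"


def inetnum_to_cidrs(line):
    """Parse a whois 'inetnum: A - B' line into the minimal list of CIDR blocks.

    Whois ranges are not always aligned to one prefix, so the result can
    contain several networks.
    """
    m = re.fullmatch(r"\s*inetnum:\s*(\S+)\s*-\s*(\S+)\s*", line)
    if not m:
        raise ValueError(f"not an inetnum line: {line!r}")
    first = ipaddress.IPv4Address(m.group(1))
    last = ipaddress.IPv4Address(m.group(2))
    if first > last:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(first, last))


def ftp_block_rules(cidrs, port=21):
    """Build iptables commands (nothing is executed here) that drop traffic
    from each block to the FTP control port. Assumes a Linux host."""
    return [
        f"iptables -I INPUT -s {net} -p tcp --dport {port} -j DROP"
        for net in cidrs
    ]


def is_blocked(addr, cidrs):
    """Return True if addr falls inside any of the blocked networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in cidrs)


if __name__ == "__main__":
    blocks = inetnum_to_cidrs(WHOIS_INETNUM)
    for rule in ftp_block_rules(blocks):
        print(rule)
```

Checking a source address from the capture with `is_blocked` before applying the rules confirms the range actually covers it.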





All times are GMT + 2 Hours