• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Help Please, FTP attack on my server :(

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Connectivity // Telecommunications // Internet News

View previous topic :: View next topic  
Author Message
jvieramacbook
Just Arrived
Just Arrived


Joined: 28 Nov 2008
Posts: 0


Offline

PostPosted: Fri Nov 28, 2008 4:35 pm    Post subject: Help Please, FTP attack on my server :( Reply with quote

Hi all, my first time on this forum. I am a network engineer student in college and need some help. I have discovered an FTP attack on my web server. This is not the first time this has happened. I want to somehow take action against these guys. Below is a capture of the packets going into my server:
http://www.mediafire.com/?nm4zzzin2jz
Just use a program like Wireshark to read it (free multi-platform packet reader)
Here is the info I was able to pull up on the guy (and my info says its not behind a proxy):
inetnum: 211.152.32.0 - 211.152.63.255
netname: SH-21VIANET
country: CN
descr: 21vianet (shanghai), Inc.
descr: 129 Yan An Rd(W.) Shanghai, China
admin-c: XL442-AP
tech-c: YW605-AP
status: ALLOCATED PORTABLE
changed: ipas@cnnic.cn 20060224
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNCGROUP-RR
source: APNIC

person: Xiaoqiu Liu
nic-hdl: XL442-AP
e-mail: liu.xiaoqiu@21vianet.com
address: 129 Yan An Rd(W.) Shanghai, China
phone: +86-021-62499933-5190
fax-no: +86-021-62499901
country: CN
changed: ipas@cnnic.net.cn 20050920
mnt-by: MAINT-CNNIC-AP
source: APNIC

Can anyone assist me with what my next step should be?
Back to top
View user's profile Send private message
razta
Just Arrived
Just Arrived


Joined: 12 Nov 2005
Posts: 2
Location: 127.0.0.1

Offline

PostPosted: Sat Nov 29, 2008 7:09 pm    Post subject: Reply with quote

Block the IP range from accessing your FTP server. Contact 21vianet.com and inform them of the attack. Hope that helps.
Back to top
View user's profile Send private message
jvieramacbook
Just Arrived
Just Arrived


Joined: 28 Nov 2008
Posts: 0


Offline

PostPosted: Sun Nov 30, 2008 3:24 am    Post subject: Reply with quote

Thank you. The advice is appreciated.
Back to top
View user's profile Send private message
Carlo Gambino
Just Arrived
Just Arrived


Joined: 20 Feb 2008
Posts: 3
Location: Ohio, USA

Offline

PostPosted: Fri Dec 05, 2008 6:34 am    Post subject: Reply with quote

This happened to me recently as well.

The server wasn't up for 2 days when I noticed FTP attack attempts from China. I don't know what their deal is, but simply blocking the IP range seems to have worked so far.. until I get a honeypot setup Wink
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Connectivity // Telecommunications // Internet News All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register