trigggl Apprentice
Joined: 26 Aug 2007 Posts: 253 Location: Arkansas
Posted: Tue Apr 21, 2009 11:15 pm Post subject: Brute force ftp attack - apparent spoof [solved]
I've got fail2ban set up and so far it has worked very well for ssh. The problem is, now that I've set up an ftp server (for only 2 users) I keep getting this attack from (?@163.122.175.220.broad.nc.jx.dynamic.163data.com.cn). Fail2ban sees that as 163.122.175.220 and blocks that. ...and the attack continues. I think that 163.122.175.220 is in India and I also think the attack is coming from China. How do I block by name address instead of by IP?
_________________
Greg
Last edited by trigggl on Wed Apr 22, 2009 10:37 am; edited 1 time in total
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Tue Apr 21, 2009 11:45 pm Post subject:
the ip is to be read left2right
would give 220.175.122.163 and that's indeed some .cn range
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
trigggl Apprentice
Joined: 26 Aug 2007 Posts: 253 Location: Arkansas
Posted: Wed Apr 22, 2009 1:12 am Post subject:
Thanks, I do believe that silenced it. Now I just need to figure out how to get fail2ban to block the right address.
_________________
Greg
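An added illustration of the mismatch discussed in this thread (not part of any post and not fail2ban's own code): a bare dotted-quad pattern picks up the digits embedded in the logged host name, while resolving the logged name forward yields the address to ban. Only the identity token comes from the first post; the rest of the log line, the function names and the offline resolver table are constructed assumptions.

```python
import ipaddress
import re
import socket

# Identity token copied from the first post; the rest of the line is constructed.
SAMPLE_LINE = ("Apr 21 22:58:01 host ftpd[1234]: "
               "(?@163.122.175.220.broad.nc.jx.dynamic.163data.com.cn) "
               "[WARNING] Authentication failed")
HOST_RE = re.compile(r"\(\S*?@(?P<host>[A-Za-z0-9.\-]+)\)")
NAIVE_IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def naive_ip(line):
    """First dotted quad in the line: here, digits embedded in the host name."""
    m = NAIVE_IP_RE.search(line)
    return m.group(0) if m else None

def remote_host(line):
    """Host part of the (user@host) identity token, name or literal address."""
    m = HOST_RE.search(line)
    return m.group("host") if m else None

def ban_targets(line, resolve=socket.gethostbyname_ex):
    """Addresses to ban: the literal IP if logged, else the name's A records."""
    host = remote_host(line)
    if host is None:
        return []
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass  # not a literal address, so treat it as a DNS name
    try:
        _name, _aliases, addrs = resolve(host)
    except OSError:  # socket.gaierror/herror: unresolvable, nothing safe to ban
        return []
    return sorted(set(addrs))

def fake_resolver(name):
    """Constructed offline stand-in for DNS (assumed answer, from the reply above)."""
    table = {"163.122.175.220.broad.nc.jx.dynamic.163data.com.cn": ["220.175.122.163"]}
    if name not in table:
        raise socket.gaierror("name not found")
    return name, [], table[name]

if __name__ == "__main__":
    print("naive match :", naive_ip(SAMPLE_LINE))
    print("ban targets :", ban_targets(SAMPLE_LINE, resolve=fake_resolver))
```

Calling `ban_targets` without the `resolve` argument uses the system resolver instead of the constructed table.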