UnlnvlslblE
Limp Gawd
- Joined
- Jan 24, 2006
- Messages
- 272
Well my internet connection was acting funny today. I was lagging out on my games and didn't know what it was. So, I turned off all my open ports and everything worked fine. I got into digging through my server logs and it turns out my FTP server was being brute forced. Is there any way to report this activity to the person's ISP that was doing it? I remember seeing a way to retrieve the info based on an IP address but I just don't remember how right now.
After I report that, I'd like to know if anyone knows of a good and secure free FTP server that I can tweak based on the following things:
blocking IPs permanently
blocking IPs based on the number of failed attempts
Also, is there any way to secure the rest of my system like this? I have one computer I use to forward ports to (not a DMZ) sitting behind a Linksys WRT54GS. I think its pretty secure but I honestly am second guessing myself after this attack.
Anyways, if anyone can help me out, the offending IPs are:
65.95.107.159
219.136.187.231
I've kept all the log files in case they need to be forwarded to the ISPs.
I'd also like to ask another question while I'm at it. I've tried out nmap to see what ports my server has open as well as a couple others. The ports come up as being "open", "closed" or "filtered". All my ports are just open. Is there any difference between these distinctions? Can I change my ports to some other classification while still allowing people access to them? Is there any way to block nmap scans to my IP or to hide the ports totally?
Thanks for any help! I'm really new to locking things down like this.
After I report that, I'd like to know if anyone knows of a good and secure free FTP server that I can tweak based on the following things:
blocking IPs permanently
blocking IPs based on the number of failed attempts
Also, is there any way to secure the rest of my system like this? I have one computer I use to forward ports to (not a DMZ) sitting behind a Linksys WRT54GS. I think its pretty secure but I honestly am second guessing myself after this attack.
Anyways, if anyone can help me out, the offending IPs are:
65.95.107.159
219.136.187.231
I've kept all the log files in case they need to be forwarded to the ISPs.
I'd also like to ask another question while I'm at it. I've tried out nmap to see what ports my server has open as well as a couple others. The ports come up as being "open", "closed" or "filtered". All my ports are just open. Is there any difference between these distinctions? Can I change my ports to some other classification while still allowing people access to them? Is there any way to block nmap scans to my IP or to hide the ports totally?
Thanks for any help! I'm really new to locking things down like this.