ftp hacker

Also, you can use the "netstat -n" to check ip addresses running at your background .If are conversant with port numbers, you can figure out strange port numbers and block them.

Hi sose,

I'm not too sure if that would realistically work. The issue was with someone trying to authenticate on the FTP Server. If this is all happening against the FTP Service (FTP Deamon) then all the connections will be coming from source port > 1024 to detstination port 20/21.

The only way to stop this is to block the users source ip address to stop them trying to brute force a login to the ftp server.

Cheers

yeah I already Configured auditing on the FTP directories so I know when there is a login failure.

I have their IP address's I have blocked them out I have noticed attacks by different people throughout the globe. I have traced Ip addresses from China to California. If I continue to see alot of attempts i will just block everyone but the people i want. Therefore only the IP address's i specify will work. I also did not just block that single IP i found out the company that leased that Address block and blocked the whole network.

Are you blocking at the FTP server or your external firewall? If you're getting so many attempts, it may be more efficient to stop them before they get into your network in the first place.

Blocking at the server is ok for a few attacks... for the amount i am understanding this to be i would be beefing up the FW. much easier!

best way to hack the ftp...find on which port is that ftp running

u can find port by using port scanner

thne block that port of that particular ip