Penetration Testing mailing list archives

Re: Mitigate FTP


From: Taufiq Ali <taufiq.ali () niiconsulting com>
Date: Wed, 15 Oct 2008 11:12:41 +0530

Hi Sarah,

I see no point having alternative to FTP just because some is trying to brute force it. Any alternative protocol like SFTP, SSH etc does not stop a person from doing a brute force. The ideal thing to mitigate this is to have a IPS/IDS or a Firewall that block the traffic coming from the pool of IP address used for attacks. Also harden the FTP box & enforce strong password policy. And bearing in mind the remote locations sniffing is not even worth considering.

Taufiq



-------- Original Message --------
Subject: Re: Mitigate FTP
From: David Glosser <david.glosser () gmail com>
To: Sarah Wahl <scwahl () gmail com>
CC: pen-test () securityfocus com
Date: 10/15/2008 1:27 AM

how about using something like moveit (http://www.ipswitchft.com/)?

Clients still use ftp but then the file itself is transferred to your
actual ftp server?


On Mon, Oct 13, 2008 at 9:46 PM, Sarah Wahl <scwahl () gmail com> wrote:
Hi All,
  I am working with a company who is using FTP and cannot switch to a
better protocol.  They have been seeing attacks which are most likely
coming from one person.  The attacker is using four different IPs
(ARIN shows them to be coming from mexico, canada and the US) with the
same brute force attack.  They are trying to guess user names using a
tool (don't know why they aren't just trying to sniff traffic). I have
suggested putting in a honey pot to try and catch the attacker and
they have locked down the service as best as possible given the fact
they are still having to use FTP.  It is being run on IIS 6.0. The
attacker can't get through the firewall, so no damage so far.  Do you
have any other suggestions for trying to catch the attacker and any
other mitigations? Any ideas would be greatly appreciated.

Thank you very much,
Sarah

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


Current thread: