FTP login, DOS problem
Using IIS 6 under Win2003 server, and have an FTP site on the internet. Some internet computers, probably with a virus, continually try to login to the ftp site using arbitrary login passwortd combinations. The system has strong passwords so I am not so concearned with someone getting a password, as that the attacks use up most of my bandwidth. Is there a way to autoblock the IP address of the atackers, or some simular solution? Help would sure be appreciated.
March 20th, 2008 12:48am
Hi, You can manually block a specific IP address to access FTP server in FTP site->property->directory security. As for 'autoblock' function, as far as I know, some intelligent firewalls and applications, such as Microsoft ISA (Internet Security and Acceleration) Server, can meet this requirement. For more information about how to protect your network from DOS attack, please refer to: Best Practices for Preventing DoS/Denial of Service Attacks http://www.microsoft.com/technet/archive/security/bestprac/dosatack.mspx?mfr=true Meanwhile, please note the authenticated user password will transfer in a plain text way on the internet. Some attackers can easily obtain the user password by using the some monitor software. In case of domain environment, you can apply IPSec to encrypt traffics between ftp server and client. I hope this helps. Best wishes --------------Morgan Che
March 21st, 2008 2:25pm