I've seen an increase in the number of dictionary attacks my server is getting of late. I've hardened ssh with public/private key requirements so I'm not too worried about that. I am somewhat worried about the sheer number of attacks FTP is getting. The attacker will max out my allowed connections and just beat on the ftp server until I turn off the service. I can ban the IP, but they are back in a matter of seconds on a new IP.
What can a person do to stem these attacks? I've seen suggestions to use APF and I have installed it and played around with it. But to be honest, I just don't understand the program well enough. It isn't documented well enough for a person of my skill level to be usable. (I can't get ftp to function with APF on)
So I have a couple of questions:
How worried should I be about these kinds of brute force attacks? (Aside from the fact that they, in essence, DoS my ftp server)
Is there a reasonably documented method of preventing these brute force attacks?
Reporting these people to the companies that lease them the offending IPs seems pointless. Nothing really changes.