Pages: [1] Go Down

DOS attacks on my ftp server

Mike Stoddart

DOS attacks on my ftp server

« on: May 24, 2001, 09:01:47 AM »

I'm getting constant attempts to connect to my ftp server by the same computer:

May 24 00:07:17 crivens in.proftpd[1048]: connect from 209.99.63.46
May 24 00:07:19 crivens proftpd[1049]: connection refused (max clients 10)

Name: tcnet03-109.dallas.texas.net
Address: 209.99.63.46

What can I do? I can't use my ftp server for anything, and I don't know how to prevent this?

Any ideas?

Thanks
Mike

Logged

Nathan Fowler

Re: DOS attacks on my ftp server

« Reply #1 on: May 24, 2001, 06:56:24 PM »

Deny the bastard access using ipchains. Deny his entire Class C subnet.

Just deny port 21:
/sbin/ipchains -N in
/sbin/ipchains -A in -p tcp --source 209.99.63.0/24 --destination-port 21 -j DENY

OR

Deny everything to that Class C
/sbin/ipchains -N in
/sbin/ipchains -A in --source 209.99.63.0/24 -j DENY

OR

Just deny that specific IP
Replace 209.99.63.0/24 with 209.99.63.46/32, this will deny that specific IP.

Hope this helped

Logged

Pages: [1] Go Up

« previous next »