Re: ftp server question
- From: Rick Merrill <rick0.merrill@xxxxxxxxxxxxxxx>
- Date: Mon, 26 Jun 2006 12:54:11 -0400
TwistyCreek wrote:
> Rick Merrill <rick0.merrill@xxxxxxxxxxxxxxx> wrote:
>> Maybe you can tell us HOW these attackers find the IP numbers of
>> systems that are running FTP (or other services) ???
>
> Too easy. Nmap is more than capable of scanning huge chunks of the net
> for specific services and spitting out nicely formatted lists. And I'd
> wager there's specialized software for people who are too script kiddie
> to figure out nmap.
>
> The standard practice as I understand it is to run your scans and sit
> on the results for a while, or trade them with your buddies. Then some
> time later or from another location launch your "attack" so that it's
> harder to figure out where it's really coming from.
>
> That innocent looking port scan you see in your firewall today could
> very likely be the precursor to the attack you're going to experience
> next month.

So anyone running an open FTP server has probably already been 'found out', but not everyone runs a log and even fewer probably check it!

The only account they have tried Does Not Exist!

Is a VPN the only way to protect against this scanning?
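
Added example, not part of the original message: one way to actually check an FTP log for the pattern described above, separating failed logins against accounts that do not exist from guesses at real ones. The vsftpd-style log format, the sample lines, the `REAL_ACCOUNTS` set and the function names are all assumptions made for illustration; the thread does not say which FTP server is in use.

```python
import re
from collections import defaultdict

# Constructed sample in vsftpd's log style (assumed; the post names no server).
SAMPLE_LOG = '''\
Mon Jun 26 03:12:44 2006 [pid 4121] CONNECT: Client "198.51.100.23"
Mon Jun 26 03:12:45 2006 [pid 4120] [Administrator] FAIL LOGIN: Client "198.51.100.23"
Mon Jun 26 03:12:47 2006 [pid 4123] [Administrator] FAIL LOGIN: Client "198.51.100.23"
Mon Jun 26 03:12:49 2006 [pid 4125] [Administrator] FAIL LOGIN: Client "198.51.100.23"
Mon Jun 26 09:30:02 2006 [pid 4410] [rick] OK LOGIN: Client "192.0.2.10"
Mon Jun 26 11:05:17 2006 [pid 4502] [rick] FAIL LOGIN: Client "203.0.113.77"
'''

# Hypothetical set of accounts that really exist on the server.
REAL_ACCOUNTS = {"rick"}

LOGIN_RE = re.compile(
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def summarize_failures(log_text, real_accounts):
    """Group failed logins by client IP, split by whether the account exists."""
    summary = defaultdict(lambda: {"fails": 0, "unknown": set(), "known": set()})
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m or m["result"] != "FAIL":
            continue  # skip CONNECT lines and successful logins
        entry = summary[m["ip"]]
        entry["fails"] += 1
        bucket = "known" if m["user"] in real_accounts else "unknown"
        entry[bucket].add(m["user"])
    return dict(summary)

def needs_attention(summary, threshold=3):
    """IPs that guessed at a real account, or failed `threshold` or more times."""
    return sorted(ip for ip, e in summary.items()
                  if e["known"] or e["fails"] >= threshold)

if __name__ == "__main__":
    result = summarize_failures(SAMPLE_LOG, REAL_ACCOUNTS)
    for ip in needs_attention(result):
        e = result[ip]
        print(ip, e["fails"], "unknown:", sorted(e["unknown"]),
              "known:", sorted(e["known"]))
```

A failure against a real account name is reported even when it happens only once, since it means the source already knows a valid username.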