Re: SBS FTP service getting slammed.



Phillip:

I assumed not much could be done, but thought I would ask.

Thanks for all the advise it does help.

Do you think assigning static IP to the external machines and only allowing
those to authenticate will cut down on it too? Or does it have a weakness
too?

VPN not an option right now.

Mike


"Phillip Windell" <@.> wrote in message
news:OprcatQeGHA.1272@xxxxxxxxxxxxxxxxxxxxxxx
"Purtech" <mikek(remove)@hlit.net> wrote in message
news:uf4YvUQeGHA.3388@xxxxxxxxxxxxxxxxxxxxxxx
Yesterday they tried the username of "Julian" Go figure. The police here
won't do anything. Neither will my ISP.

There isn't anything that can be done. And there isn't anything to do.
They are failing,...that is what is supposed to happen.
You can't stop them from trying.
Just make sure you have very strong complex passwords.

Your ISP can't do anything about it if they wanted to and neither can the
police. How are thy supposed to arrest people who may be in some other
country somewhere where they have no jurisdiction? Only the guilty
party's
ISP is capable of doing anything about it,...if you can figure out who
that
is,...figure out how to contact them,...prove to them that something is
really happeing,...and if they are actually even willing to do anything
about it.

Rest assured everybody else's FTP Server out there is getting the same
thing. Heck I even set on up once and waited to see what they would upload
just for fun. I ended up collecting some a few DivX AVIs of the Smallville
TV Series, unfortuneatly it wasn't in English :-)
It only took a few hours for them to find my fresh new FTP Server that had
not been there before.

Some precautions you can take.

1. Store the FTP Root on a separate drive (partion). If they finally
manage
to login they will upload crap with odd names that the Windows OS is not
capable of deleting. To fix that quickly you simply move the good stuff to
another partion,..reformat the FTP partition,...then move the good stuff
back. That usually only takes a few minutes. But if you have the FTP Root
on a partion with other stuff it becomes more difficult,...if it is the C:
partion with the OS you are really screwed.

2. You could add the MS Loopback adapter and assing it a private IP# that
is
*not* used on your LAN,...bind the FTP Site to that IP *only*. Then setup
the Server to accept Remote Access VPN. Then you VPN into it first,...then
run the FTP to the Private IP# over the VPN instead of exposing it to the
Internet. This will protect the fact the FTP passes the credentials in
Clear Text.

Create a local User Account on the Server (with a complex password!).
Create
a new Group for the User then make it the Default Group for the User and
remove the User from the normal Users Group. Give this user "dialin"
rights,...this means they can establish the VPN connection but will have
no
permissions to anything else beyond that. You use this account the
establish your VPN. Then use the separate FTP User for logging into the
FTP
Site while shielded inside the VPN Tunnel.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------





.



Relevant Pages

  • Re: VPN to ISA server, cant FTP through it
    ... filter on the FTP server first. ... what the client IP address might be, but I do know what the server IP ... through a VPN, will they not be encrypted anyway? ... then the Source Network would be the "created" Network that ws created when ...
    (microsoft.public.isa.vpn)
  • RE: How to setup VPN Site-to-Site with two SBS2003 Servers.
    ... Wizard on both the two SBS Server. ... please remove all existing VPN settings and strictly follow the ... Creating IPSec Tunnel Mode Site to Site VPNs with ISA Server 2004 Firewalls ... Joining Networks over the Internet with a Gateway to Gateway VPN: ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN mit PPTP kein Zugriff auf interne Resourcen
    ... Sobald ich auf dem ISA Server per PPTP per ISDN eingewählt bin und versuche ... 2004 formuliert habe (Gesamten ausgehendern Verkehr von VPN Clients nach DC ... wurden erstellt, die Netzwerkregel ebenso: ...
    (microsoft.public.de.german.isaserver)
  • Re: sendmail compromised - Somebody help me!
    ... > through VPN. ... I do use an FTP server. ... Internet Explorer window and let go of the mouse button. ...
    (comp.os.linux.networking)
  • RE: VPN sometimes works and sometimes not - Error 691
    ... And now you have enabled VPN on ISA server, ... do you mean you have enabled VPN on windows server 2003 not on SBS? ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)