Re: SBS FTP service getting slammed.


I assumed not much could be done, but thought I would ask.

Thanks for all the advise it does help.

Do you think assigning static IP to the external machines and only allowing
those to authenticate will cut down on it too? Or does it have a weakness

VPN not an option right now.


"Phillip Windell" <@.> wrote in message
"Purtech" <mikek(remove)> wrote in message
Yesterday they tried the username of "Julian" Go figure. The police here
won't do anything. Neither will my ISP.

There isn't anything that can be done. And there isn't anything to do.
They are failing,...that is what is supposed to happen.
You can't stop them from trying.
Just make sure you have very strong complex passwords.

Your ISP can't do anything about it if they wanted to and neither can the
police. How are thy supposed to arrest people who may be in some other
country somewhere where they have no jurisdiction? Only the guilty
ISP is capable of doing anything about it,...if you can figure out who
is,...figure out how to contact them,...prove to them that something is
really happeing,...and if they are actually even willing to do anything
about it.

Rest assured everybody else's FTP Server out there is getting the same
thing. Heck I even set on up once and waited to see what they would upload
just for fun. I ended up collecting some a few DivX AVIs of the Smallville
TV Series, unfortuneatly it wasn't in English :-)
It only took a few hours for them to find my fresh new FTP Server that had
not been there before.

Some precautions you can take.

1. Store the FTP Root on a separate drive (partion). If they finally
to login they will upload crap with odd names that the Windows OS is not
capable of deleting. To fix that quickly you simply move the good stuff to
another partion,..reformat the FTP partition,...then move the good stuff
back. That usually only takes a few minutes. But if you have the FTP Root
on a partion with other stuff it becomes more difficult,...if it is the C:
partion with the OS you are really screwed.

2. You could add the MS Loopback adapter and assing it a private IP# that
*not* used on your LAN,...bind the FTP Site to that IP *only*. Then setup
the Server to accept Remote Access VPN. Then you VPN into it first,...then
run the FTP to the Private IP# over the VPN instead of exposing it to the
Internet. This will protect the fact the FTP passes the credentials in
Clear Text.

Create a local User Account on the Server (with a complex password!).
a new Group for the User then make it the Default Group for the User and
remove the User from the normal Users Group. Give this user "dialin"
rights,...this means they can establish the VPN connection but will have
permissions to anything else beyond that. You use this account the
establish your VPN. Then use the separate FTP User for logging into the
Site while shielded inside the VPN Tunnel.

Phillip Windell [MCP, MVP, CCNA]
Understanding the ISA 2004 Access Rule Processing

Troubleshooting Client Authentication on Access Rules in ISA Server 2004

Microsoft Internet Security & Acceleration Server: Guidance

Microsoft Internet Security & Acceleration Server: Partners

Deployment Guidelines for ISA Server 2004 Enterprise Edition