Re: SBS FTP service getting slammed.



I do not think static is important for this specific purpose as long as
you can distinguish by IP or subnet the machines that should be
allowed to access FTP. That would be sufficient to define a filter
in an IPsec policy to limit FTP access.
If you are entirely protected by firewall from outside, then either
the FTP is being hammered by an inside machine or the firewall
configuration needs reevaluation.
If you have SBS03 Premium, then are you using ISA? This
could form a second layer after the hardware firewall, and the
ISA could be using authentication based on your Windows
accounts to gate access whereas the firewall would narrow
down what comes at your edge machines.

"Purtech" <mikek(remove)@hlit.net> wrote in message
news:uFfg47ceGHA.3952@xxxxxxxxxxxxxxxxxxxxxxx
Roger:

It is SBS 2003 Premium.

These machines are external - without static addresses for the most part.

My server is dual NIC but I use it for Load Balancing. The entire main
office is protected by a hardware firewall.

I will consider your suggestion about the NICs.

Question: is having static addresses one of the best/least complicated
ways to solve this? I ask because I might take your answer to my boss to
get the money approved for it.

Mike


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:uNmI8$UeGHA.3484@xxxxxxxxxxxxxxxxxxxxxxx
You have not indicated OS versions.
If SBS is W2k based then use IPsec in a filtering mode, else if
this is SBS based on W2k3 use either IPsec in a filtering mode
or use the W2k3 firewall or use both
in either event with the objective of allowing the FTP ports only
for the IPs of the machines that do need FTP access for the
(internal I assume) backup purposes.
Now, the above can be used whether the SBS server is a one
nic or two nic server. However, if it is a one nic server you
should consider making it into a two nic server with all of your
infrastructure off the new internal nic and with the (ISA if your
SBS version permits) protected external nic allowing only what
is absolutely necessary (ex. DNS, time service, SMTP/Pop,
http/https, vpn). Ideally you would have the external nic also
behind at least an inexpensive firewall/router.


"Purtech" <mikek(remove)@hlit.net> wrote in message
news:uf4YvUQeGHA.3388@xxxxxxxxxxxxxxxxxxxxxxx
We have a low IT budget. I am using FTP to backup remote computers.

Someone discovered my FTP service was opened and has been hitting me
with 10's of thousands of break-in attempts. Usually trying the
administrator user.

They will probably not figure out the user name, because I have changed
the admin username, but it is almost every day.

Yesterday they tried the username of "Julian". Go figure. The police here
won't do anything. Neither will my ISP.

Any ideas?

Thanks!
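
Added example, not part of the original thread: a way to check from the FTP service log whether the failed logins come from inside or outside the LAN, and which usernames are being tried, before choosing the IPs to allow in an IPsec or firewall filter. The field layout (time c-ip cs-method cs-uri-stem sc-status), the 192.168.16.0/24 LAN subnet and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the LAN subnet behind the hardware firewall; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network("192.168.16.0/24")]

# Constructed sample in the W3C extended layout assumed for the FTP service log.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
02:14:07 203.0.113.45 [1]USER administrator 331
02:14:07 203.0.113.45 [1]PASS - 530
02:14:09 203.0.113.45 [2]USER administrator 331
02:14:09 203.0.113.45 [2]PASS - 530
02:14:11 203.0.113.45 [3]USER Julian 331
02:14:11 203.0.113.45 [3]PASS - 530
03:00:02 192.168.16.20 [4]USER backupsvc 331
03:00:02 192.168.16.20 [4]PASS - 230
04:30:15 192.168.16.77 [5]USER administrator 331
04:30:15 192.168.16.77 [5]PASS - 530
"""

def failed_logins(log_text):
    """Return {client_ip: {"failures": n, "users": set, "inside": bool}}."""
    fields = []
    pending = {}  # (ip, session) -> username from the last USER command
    report = defaultdict(lambda: {"failures": 0, "users": set(), "inside": False})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared by the log itself
            continue
        if not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        try:
            session, _, verb = rec["cs-method"].partition("]")
            ip = ipaddress.ip_address(rec["c-ip"])
        except (KeyError, ValueError):
            continue                       # skip malformed or truncated lines
        key = (str(ip), session)
        if verb == "USER":
            pending[key] = rec.get("cs-uri-stem", "-")
        elif verb == "PASS" and rec.get("sc-status") == "530":  # 530 = login rejected
            entry = report[str(ip)]
            entry["failures"] += 1
            entry["users"].add(pending.get(key, "?"))
            entry["inside"] = any(ip in net for net in INTERNAL_NETS)
    return dict(report)

if __name__ == "__main__":
    for ip, e in sorted(failed_logins(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["failures"]):
        print(ip, "inside" if e["inside"] else "outside", e["failures"], sorted(e["users"]))
```

Failures from outside addresses mean the FTP port is reachable through the firewall; failures from inside addresses point at a LAN machine.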
