|
Posted by Ralph Hulslander on November 22, 2007, 8:01 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Has anyone else seen and dealt with a reoccuring FTP login flood?
My domain gets hit with a new FTP login flood about every two or three days.
It is allways a different IP but the same boring login attack.
There can be thousands of login attempts.
Essentially this causes a denial of service because IIS allways acknowledges
these
login request (which are allways denied). This uses resources on the server
and slows
things down. The attacks are never successful and are really just a pain but
who
knows what would happen if they succeded.
This never happens on other domains.
How would I deal with this type of attack?
------------------------------------------------------------------
Does anyone know how to get some use out of the Event log?
All of the attempts are recorded in the Event log so I could have a script
looking at the Event log and If three failed attempts at FTP login then turn
of the FTP server for a couple of minutes. This would stop the attack at
least untill the next time.
I am surprised that I have not foundother mention of this kind of attack.
Thanks for any pointers.
Ralph
| 
XML site map