Posted: Fri Nov 28, 2008 4:35 pm Post subject: Help Please, FTP attack on my server :(
Hi all, my first time on this forum. I am a network engineer student in college and need some help. I have discovered an FTP attack on my web server. This is not the first time this has happened. I want to somehow take action against these guys. Below is a capture of the packets going into my server:
Just use a program like Wireshark to read it (free multi-platform packet reader)
Here is the info I was able to pull up on the guy (and my info says its not behind a proxy):
inetnum: 22.214.171.124 - 126.96.36.199
descr: 21vianet (shanghai), Inc.
descr: 129 Yan An Rd(W.) Shanghai, China
status: ALLOCATED PORTABLE
changed: firstname.lastname@example.org 20060224
person: Xiaoqiu Liu
address: 129 Yan An Rd(W.) Shanghai, China
changed: email@example.com 20050920
Can anyone assist me with what my next step should be?
The server wasn't up for 2 days when I noticed FTP attack attempts from China. I don't know what their deal is, but simply blocking the IP range seems to have worked so far.. until I get a honeypot setup
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum