Author: jvieramacbook, Posted: Fri Nov 28, 2008 4:35 pm Post subject: Help Please, FTP attack on my server :( ---- Hi all, my first time on this forum. I am a network engineer student in college and need some help. I have discovered an FTP attack on my web server. This is not the first time this has happened. I want to somehow take action against these guys. Below is a capture of the packets going into my server:
http://www.mediafire.com/?nm4zzzin2jz
Just use a program like Wireshark to read it (free multi-platform packet reader).
Here is the info I was able to pull up on the guy (and my info says it's not behind a proxy):
inetnum: 211.152.32.0 - 211.152.63.255
netname: SH-21VIANET
country: CN
descr: 21vianet (shanghai), Inc.
descr: 129 Yan An Rd(W.) Shanghai, China
admin-c: XL442-AP
tech-c: YW605-AP
status: ALLOCATED PORTABLE
changed: ipas@cnnic.cn 20060224
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNCGROUP-RR
source: APNIC
person: Xiaoqiu Liu
nic-hdl: XL442-AP
e-mail: liu.xiaoqiu@21vianet.com
address: 129 Yan An Rd(W.) Shanghai, China
phone: +86-021-62499933-5190
fax-no: +86-021-62499901
country: CN
changed: ipas@cnnic.net.cn 20050920
mnt-by: MAINT-CNNIC-AP
source: APNIC
Can anyone assist me with what my next step should be?
Author: razta, Location: 127.0.0.1, Posted: Sat Nov 29, 2008 7:09 pm Post subject: ---- Block the IP range from accessing your FTP server. Contact 21vianet.com and inform them of the attack. Hope that helps.
Author: jvieramacbook, Posted: Sun Nov 30, 2008 3:24 am Post subject: ---- Thank you. The advice is appreciated.
Author: Carlo Gambino, Location: Ohio, USA, Posted: Fri Dec 05, 2008 6:34 am Post subject: ---- This happened to me recently as well.
The server wasn't up for 2 days when I noticed FTP attack attempts from China. I don't know what their deal is, but simply blocking the IP range seems to have worked so far... until I get a honeypot set up.
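The range block suggested in the replies above, as an added example that is not part of the original thread: it converts the `inetnum` range from the quoted whois record into CIDR networks and renders one firewall rule per network for the FTP control port. The use of iptables on the server, the helper names, and the sample text are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the first lines of the whois record quoted in the thread.
WHOIS_SAMPLE = """\
inetnum: 211.152.32.0 - 211.152.63.255
netname: SH-21VIANET
country: CN
"""

# Matches "inetnum: <first address> - <last address>" on its own line.
INETNUM_RE = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", re.MULTILINE)


def inetnum_to_cidrs(whois_text):
    """Return the minimal list of CIDR networks covering every inetnum range."""
    cidrs = []
    for first, last in INETNUM_RE.findall(whois_text):
        start = ipaddress.ip_address(first)
        end = ipaddress.ip_address(last)
        # A range that is not aligned on a power of two yields several networks.
        cidrs.extend(ipaddress.summarize_address_range(start, end))
    return cidrs


def ftp_block_rules(cidrs, port=21):
    """Render iptables commands (assumed firewall) dropping FTP control traffic."""
    return [
        f"iptables -I INPUT -s {net} -p tcp --dport {port} -j DROP"
        for net in cidrs
    ]


def is_blocked(addr, cidrs):
    """Check whether a source address falls inside any blocked network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in cidrs)


if __name__ == "__main__":
    networks = inetnum_to_cidrs(WHOIS_SAMPLE)
    for rule in ftp_block_rules(networks):
        print(rule)
```

The rules are only printed, so they can be reviewed before anything is applied to the firewall.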