Posted: Fri Nov 28, 2008 4:35 pm Post subject: Help Please, FTP attack on my server :(
Hi all, my first time on this forum. I am a network engineer student in college and need some help. I have discovered an FTP attack on my web server. This is not the first time this has happened. I want to somehow take action against these guys. Below is a capture of the packets going into my server:
http://www.mediafire.com/?nm4zzzin2jz
Just use a program like Wireshark to read it (free multi-platform packet reader).
Here is the info I was able to pull up on the guy (and my info says it's not behind a proxy):
inetnum: 211.152.32.0 - 211.152.63.255
netname: SH-21VIANET
country: CN
descr: 21vianet (shanghai), Inc.
descr: 129 Yan An Rd(W.) Shanghai, China
admin-c: XL442-AP
tech-c: YW605-AP
status: ALLOCATED PORTABLE
changed: ipas@cnnic.cn 20060224
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNCGROUP-RR
source: APNIC
person: Xiaoqiu Liu
nic-hdl: XL442-AP
e-mail: liu.xiaoqiu@21vianet.com
address: 129 Yan An Rd(W.) Shanghai, China
phone: +86-021-62499933-5190
fax-no: +86-021-62499901
country: CN
changed: ipas@cnnic.net.cn 20050920
mnt-by: MAINT-CNNIC-AP
source: APNIC
Can anyone assist me with what my next step should be?
The server wasn't up for 2 days when I noticed FTP attack attempts from China. I don't know what their deal is, but simply blocking the IP range seems to have worked so far... until I get a honeypot set up.
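An added example, not part of either post: one way to turn the `inetnum` range from a whois record like the one quoted above into CIDR networks and FTP-only firewall rules for the range blocking the reply describes. The function names, the sample text and the choice of iptables are assumptions made for illustration; the rules are only built as strings and nothing is executed.

```python
import ipaddress
import re

# Constructed sample: the inetnum line as it appears in the whois record in the thread.
WHOIS_TEXT = """\
inetnum: 211.152.32.0 - 211.152.63.255
netname: SH-21VIANET
country: CN
"""

INETNUM_RE = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", re.MULTILINE)


def inetnum_to_cidrs(whois_text):
    """Return the minimal list of CIDR networks covering every inetnum range."""
    cidrs = []
    for first, last in INETNUM_RE.findall(whois_text):
        start = ipaddress.IPv4Address(first)
        end = ipaddress.IPv4Address(last)
        if start > end:
            raise ValueError(f"inverted range: {first} - {last}")
        # A range not aligned on a prefix boundary expands to several networks.
        cidrs.extend(ipaddress.summarize_address_range(start, end))
    return cidrs


def ftp_drop_rules(cidrs, port=21):
    """Build iptables commands scoped to one TCP port (FTP control by default)."""
    return [
        f"iptables -A INPUT -s {net} -p tcp --dport {port} -j DROP"
        for net in cidrs
    ]


def covers(cidrs, address):
    """True if the address falls inside any of the blocked networks."""
    return any(ipaddress.ip_address(address) in net for net in cidrs)


if __name__ == "__main__":
    for rule in ftp_drop_rules(inetnum_to_cidrs(WHOIS_TEXT)):
        print(rule)
```

Scoping the rule to the FTP port keeps the rest of the web server reachable from the whole allocation, which belongs to a hosting provider rather than to a single host.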