Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[TheBoy]

Firstly, DON'T allow access to vital system or data areas, thats not what FTP is for. If you allow anonymous read, ensure that any virtuals deny anonymous.

IF you REALLY must access via FTP from work - and they is no valid reason now to use such an insecure system - ONLY allow your work IPs.  Block it either at firewall, or at IIS level, or preferrably both.

The reason they are being persistent with you is likely your IP has ended up on a 'suckers list', ie, has been compromised before (if you had your smtp open and relaying for example), as they assume (probably correctly) that as you have made one fundamental error, you're likely to make another.

Lock the tinker down hard for a few weeks, ie only allow in what you really, really, really need, thats the quickest way off a suckers list

[Ian_D]

Firstly, DON'T allow access to vital system or data areas, thats not what FTP is for. If you allow anonymous read, ensure that any virtuals deny anonymous.

IF you REALLY must access via FTP from work - and they is no valid reason now to use such an insecure system - ONLY allow your work IPs.  Block it either at firewall, or at IIS level, or preferrably both.

The reason they are being persistent with you is likely your IP has ended up on a 'suckers list', ie, has been compromised before (if you had your smtp open and relaying for example), as they assume (probably correctly) that as you have made one fundamental error, you're likely to make another.

Lock the tinker down hard for a few weeks, ie only allow in what you really, really, really need, thats the quickest way off a suckers list

Ta for that advice TB. Never thought about the possibility of it been in a suckers list! Would make sence since it was used as an open relay for a couple of hours the other day  Woops!

I will disable FTP for now, as its not vital I guess. I can always RDP it and enable if I needed to.

Is there any other options available that I could put in place of FTP?

[Radiomarko]

PM me his current IP -  he can be the target of my famous smurf attack. Google it for info, if he is a dork he may have left himself open.

Yes I have time on my hands this week, getting over the flu!   [smiley=lipsrsealed.gif]

-edited out incomprehensible whisky fueled rubbish.

[Ian_D]

PM me his current IP -  he can be the target of my famous smurf attack. Google it for info, if he is a dork he may have left himself open.

Yes I have time on my hands this week, getting over the flu!   [smiley=lipsrsealed.gif]

-edited out incomprehensible whisky fueled rubbish.

As far as I know, the above IP is still him.

[Radiomarko]

Not live, no ports open, possibly sleeping - or dead.   :-?

[Ian_D]

Not live, no ports open, possibly sleeping - or dead.   :-?

Oh right, Couldnt tell you mate anyway as I've disabled FTP for now...

[TheBoy]

Not live, no ports open, possibly sleeping - or dead.   :-?

If he's any good, not getting a response on any port is to be expected.

[Lizzie_Zoom]

Can't you send a crippling virus out into the hackers system? :-/

If that seems like a stupid question, sorry, it is because I know little about computer systems!

To me it just appears to be a logical thing to do; attack is the best form of defence!!

Judging by the fact I have not received an answer to this previously posted question earlier in this thread  I assume I was asking a daft question!

However I am still interested to know why you cannot mount an attack on the hackers system whilst it is "open" trying to enter yours??

Is that not technically possible?  If not it should be, then no hacker would ever get away with corrupting your system.

[deviator]

It doesn't really matter how long or complex your password is, if you are using FTP it's sent over the internet in plain text. Therefore first port of call is a secure FTP, IE over SSL. Not perfect but better. Not only that, but you be on a different port and can close 20/21. Talking of ports, nothing stopping you from changing your ftp port to a random number (check it before you use it).

The other option is to create a sandbox, that'll keep most entry level hackers busy! I had a sandbox of 3 web-facing servers and 2 backend servers. I had people running around in there for days, in fact the funniest part was when one of them hacked my sandbox, drop a virus and then the next guy that got in, caught the virus themselves!

[deviator]

Can't you send a crippling virus out into the hackers system? :-/

If that seems like a stupid question, sorry, it is because I know little about computer systems!

To me it just appears to be a logical thing to do; attack is the best form of defence!!

Judging by the fact I have not received an answer to this previously posted question earlier in this thread  I assume I was asking a daft question!

However I am still interested to know why you cannot mount an attack on the hackers system whilst it is "open" trying to enter yours??

Is that not technically possible?  If not it should be, then no hacker would ever get away with corrupting your system.

It's illegal. Transmitting virii and hacking into their computer is covered under Misuse of Computer act. Unless they are amatuer hackers, they would tend to be more secure than most users. Also any intelligent hacker will be using a 3rd party PC as a proxy. THerefore using a compromised PC to mount the attack on the end target. You then hack the man in the middle (some innocent person).

[TheBoy]

Can't you send a crippling virus out into the hackers system? :-/

If that seems like a stupid question, sorry, it is because I know little about computer systems!

To me it just appears to be a logical thing to do; attack is the best form of defence!!

Judging by the fact I have not received an answer to this previously posted question earlier in this thread  I assume I was asking a daft question!

However I am still interested to know why you cannot mount an attack on the hackers system whilst it is "open" trying to enter yours??

Is that not technically possible?  If not it should be, then no hacker would ever get away with corrupting your system.

Technically a theoretical possibility, but in practice, very difficult. Ultimately, you would have to find a security flaw in his OS or app that he was using to send the data, and exploit that.

[Lizzie_Zoom]

Can't you send a crippling virus out into the hackers system? :-/

If that seems like a stupid question, sorry, it is because I know little about computer systems!

To me it just appears to be a logical thing to do; attack is the best form of defence!!

Judging by the fact I have not received an answer to this previously posted question earlier in this thread  I assume I was asking a daft question!

However I am still interested to know why you cannot mount an attack on the hackers system whilst it is "open" trying to enter yours??

Is that not technically possible?  If not it should be, then no hacker would ever get away with corrupting your system.

It's illegal. Transmitting virii and hacking into their computer is covered under Misuse of Computer act. Unless they are amatuer hackers, they would tend to be more secure than most users. Also any intelligent hacker will be using a 3rd party PC as a proxy. THerefore using a compromised PC to mount the attack on the end target. You then hack the man in the middle (some innocent person).

Thanks Deviator!!

[Lizzie_Zoom]

Can't you send a crippling virus out into the hackers system? :-/

If that seems like a stupid question, sorry, it is because I know little about computer systems!

To me it just appears to be a logical thing to do; attack is the best form of defence!!

Judging by the fact I have not received an answer to this previously posted question earlier in this thread  I assume I was asking a daft question!

However I am still interested to know why you cannot mount an attack on the hackers system whilst it is "open" trying to enter yours??

Is that not technically possible?  If not it should be, then no hacker would ever get away with corrupting your system.

Technically a theoretical possibility, but in practice, very difficult. Ultimately, you would have to find a security flaw in his OS or app that he was using to send the data, and exploit that.

Thanks TB!