  1. #1
    Newbie
    Join Date
    Sep 2008
    Posts
    5

    FTP attack not detected

    I had 600,000 login attempts on my FTP server over a 16-hour period from the same IP address, approximately 9 login attempts a second. Attack Blocker didn't report anything. During that same time there was one IP address assigned a reputation value of 61.6 that sent 33 emails over a 2-minute span. Is this something Attack Blocker should catch?

  2. #2
    mdh
    Untangle Ninja
    Join Date
    Aug 2007
    Posts
    4,752

    Did you have SID 491 (FTP Bad Login, category "info") set to block in Intrusion Prevention, or any of the FTP category blocks? As far as Attack Blocker, if it got a reputation, it did catch the emailer and probably slowed them down... look at the other columns in that event. If they were going out to port 25, I would have had that blocked in the first place. Emails wouldn't have been sent and you would have had a log of where it came from. Attack Blocker already told you that though with the entry you mentioned.
