Mantorp's Journal: my ftp server is under attack
Ever since I set up an ftp server the other day, attempts to connect to it are coming in from all over. So now that I have their IP addresses, what's the best way to figure out where they're coming from? Not interested in vigilantism, I'm just curious.
Dig (Score:2)
dig -x 1.2.3.4
On just about any platform you can use nslookup; you'll have to check the help for how to do reverse lookups, it's been a while since I used it.
Finally there are online services that will do pretty much the same thing for you. One of my favorites is DNS Stuff [dnsstuff.com]. Besides the reverse lookup you are asking about they can tell you a lot about DNS in general, including checking for errors on DNS Servers, checking DNS
Re: (Score:2)
I find a lot of times though when I reverse lookup someone who is scanning my ports or randomly trying to connect that there is no publicly
real attacks? (Score:1)
Re: (Score:1)
As I said before, if you're using OpenBSD as a firewall you can set it to automatically block address X.X.X.X after Y attempted connections for Z amount of time.
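Added example, not part of the original thread and not any firewall's own rule syntax: the "block after Y attempts for Z time" idea from the comment above, run over a connection log, with the reverse-lookup name that `dig -x` would query for each offender. The log format, the function names, the 60-second counting window and the sample addresses (RFC 5737 documentation ranges) are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log (hypothetical format: ISO timestamp, "CONNECT", client IP).
SAMPLE_LOG = """\
2024-01-01T10:00:00 CONNECT 192.0.2.10
2024-01-01T10:00:05 CONNECT 192.0.2.10
2024-01-01T10:00:09 CONNECT 198.51.100.7
2024-01-01T10:00:12 CONNECT 192.0.2.10
2024-01-01T10:00:20 CONNECT not-an-ip
2024-01-01T10:03:00 CONNECT 198.51.100.7
2024-01-01T10:06:30 CONNECT 198.51.100.7
2024-01-01T10:20:00 CONNECT 192.0.2.10
"""

def find_offenders(log_text, max_attempts=3,
                   window=timedelta(seconds=60),
                   block_for=timedelta(minutes=10)):
    """Return {ip: expiry of its most recent block}.

    An IP is blocked for `block_for` (Z) once it makes `max_attempts` (Y)
    connections within `window`.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "CONNECT":
            continue              # not a connection record
        try:
            when = datetime.fromisoformat(parts[0])
            ip = str(ipaddress.ip_address(parts[2]))
        except ValueError:
            continue              # malformed timestamp or address
        if ip in blocked and when < blocked[ip]:
            continue              # block still active, nothing new to count
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:
            attempts.popleft()    # forget attempts older than the window
        if len(attempts) >= max_attempts:
            blocked[ip] = when + block_for
            attempts.clear()
    return blocked

def ptr_name(ip):
    """The PTR record name a reverse lookup (dig -x) asks for."""
    return ipaddress.ip_address(ip).reverse_pointer
```

The slow retries from 198.51.100.7 never reach three attempts inside one window, so only 192.0.2.10 is flagged.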
Probably just port scans (Score:2)
It's been a couple of years since I ran an ftp server from home, but I remember port scans were VERY common. One thing you may want to consider is changing the port to which ftp is bound - move it to something that isn't commonly used, and it's less likely to be scanned. I'm probably just restating something you already know, though.
Another option, if you're so inclined, would be to drop all packets from IP addresses of common and repeat offenders. If you're more script-capable than I, you could probably