Anonymous access is not allowed, smoeone is trying to login as Admin and
diffrent user name. I did check the logs , it only happens for certain time
then stops for a whilr and start again. My IIS server is behind the
corporate firewall .
What else I can do ? Enabling Windows firewall on my server will do any good
?, still i need to allow FTP ( port 21 ) on this server.
[quoted text, click to view] "Jeff Cochran" wrote:
> On Wed, 17 May 2006 13:40:02 -0700, Jey
> <Jey@discussions.microsoft.com> wrote:
>
> >I am running IIS6 FTP on Wondows 2003 box, my serveris under service denial
> >attack . It come form different IP address all the time. It appears the
> >attack is from hijacked computers as the IP is allways
> >different.
> >
> >
> >How do stop this ?
>
> With a decent IDS or firewall. But then, how do you know it's an
> attack and not everyone trying to access your system? Have you looked
> at the logs? If you allowed anonymous upload, it's likely you're
> serving WaReZ now and generating a ton of requests.
>
> Jeff
On Thu, 18 May 2006 07:09:02 -0700, Jey
[quoted text, click to view] <Jey@discussions.microsoft.com> wrote:
>Anonymous access is not allowed, smoeone is trying to login as Admin and
>diffrent user name. I did check the logs , it only happens for certain time
>then stops for a whilr and start again. My IIS server is behind the
>corporate firewall .
>
>What else I can do ? Enabling Windows firewall on my server will do any good
>?, still i need to allow FTP ( port 21 ) on this server.
You need a firewall that can analyze traffic and block these, or an
IDS.
Jeff
[quoted text, click to view] >"Jeff Cochran" wrote:
>
>> On Wed, 17 May 2006 13:40:02 -0700, Jey
>> <Jey@discussions.microsoft.com> wrote:
>>
>> >I am running IIS6 FTP on Wondows 2003 box, my serveris under service denial
>> >attack . It come form different IP address all the time. It appears the
>> >attack is from hijacked computers as the IP is allways
>> >different.
>> >
>> >
>> >How do stop this ?
>>
>> With a decent IDS or firewall. But then, how do you know it's an
>> attack and not everyone trying to access your system? Have you looked
>> at the logs? If you allowed anonymous upload, it's likely you're
>> serving WaReZ now and generating a ton of requests.
>>
>> Jeff
>>
[quoted text, click to view] Jey <Jey@discussions.microsoft.com> wrote:
> Anonymous access is not allowed, smoeone is trying to login as Admin
> and diffrent user name. I did check the logs , it only happens for
> certain time then stops for a whilr and start again.
This isn't really a service denial attack. It's just some kiddie trying to
look for weak passwords. Every password-protected internet service in the
world gets these attempts. If you've chosen strong passwords, you have
nothing to fear. There's little else that you can do to stop them, as
legitimate login attempts look much the same, even to IDS software.
--
Robin Walker [MVP Networking]
rdhw@cam.ac.uk
Don't see what you're looking for? Try a search.
