Darryl Gregorash wrote:
> On 2007-04-24 23:12, david rankin wrote:
>   
>>> <snip>
>>>
>>>       
>> Thanks for all the responses! It looks like the primary problem is a
>> lot of lame servers out there. 
>>     
>
> As Carlos explained, the IP in question does not resolve with reverse
> DNS. However, I would not call that your primary problem: you seem to
> have the external interface (on your router, or whatever) open for ftp,
> and seem to be getting subjected to a dictionary attack (attempts to log
> in with any number of common potential user IDs and passwords). Close
> the external interface for ftp, unless you absolutely need it, and let
> the firewall handle the job of protecting your ftp server security.
>
>   
Disabling ftp will solve the first cause... but there is something of more
concern here...

Occasionally I need to enable external ssh access. When I enable
external ssh access, I usually get ssh scan attacks. They do not
normally make a heavy impact on network or server load. What I do not
get is the subsequent high level of DNS error responses if an address
is not resolvable. This may be because of the way my DNS setup is
configured, or I am just lucky. The extra traffic (1 DNS resolution
request seems to have generated 14 responses) and the associated
overheads are effectively a DoS attack, but for this effect to be
experienced either the settings of the DNS servers queried or the DNS
settings of the target server are not quite right. This could cause
problems not just in this scan attack but for anything that needs to
resolve an address and the address is not resolvable (sending a raft of
mail from an unresolvable or spoofed address could have a similar
effect). That is worrying...