hi all,

i have been keeping an eye on my servers log. I see that every now and again a certain ip connects to my machine and tries a few ftp connections using anonymous, test, irc etc. They are getting unknown user errors but is there anything I should do to make sure its safe?

I have a firewall and closed ports I dont use etc. I was thinking of setting up a rule that only allows my ip to use ftp and block everyone else as currently only I use the ftp.

Any thoughts? suggestions? or help?

Thanks!

Stewart

Having people probe your FTP server for holes is pretty common. If you're the only one who needs access, then by all means restrict it to only the IPs you need (an iptables rule would work fine). Usually its SOP to restrict access to services to as few systems as you possibly can.

What does that mean? thanks again for your reply

SOP = standard operating practice?

if so are you saying most ppl restrict to as few as possible

or

do you mean they restrict as much as possible?

Sorry, SOP=Standard Operating Procedure/Practice

Meaning you should try and give access only to those that need it. If you're the only one you want having FTP access, then restrict access to it, so that only your IP can access it. No sense in having it publicly accessible so that every clown out there can pound away at the FTP daemon if you don't need to. FTP and HTTP servers both seem to attract these kinds of probes, so you'll probably sleep better at night if you don't have to worry about who is doing what to your FTP server.

To further back up what caveman said, I would also look at your ftp config files to make sure if there are restrications you can add to the server its self. Then take a look at ftpusers, in /etc/ftpusers add every account you can think of except yours.

One alternative to ftp if you are the only one who needs files off of this machine is: scp. A tool that comes with ssh, if you have sshd running anyway you may be able to close the ftp server.


Just some thoughts