Hi Render-Vue, > To carry on what other people have been saying the scans from > dip.t-dialin.net and abo.wanadoo.fr happen to our servers on a daily basis
dip.t-dialin.net are DSL users from T-Online, the online branch of Deutsche Telekom. That's what I use myself. Complaining to T-Online is futile. They have more than seven million users and have cut down hard on support, so unless you have a smoking gun in hand and a corpse to proove they won't raise an eyebrow. Similar things apply for all the big ISPs like home.net, wanadoo.fr, mindspring, <choke> AOL and others. > I know they haven't breached the server but as someone mentioned it does > get annoying seeing the same network and IP's coming up...what do you do if > the ISP can't take matters like this seriously :< Of course. You see, I have a temporary and a permanent banlist on my server, containing all the IP addresses and subnets which I block. If there's a repeat offender in there, then I have no problem with banning the entire class A or B net of one of the big fishes and use ipchains to deny them anything except access to port 80, 53 and 25 - IF they're lucky. There is one thing I will most likely do about FTP: I'll shut it down completly and use a modified version of the POPrelayD-script to reopen the service. So if a customer wants to use FTP, then he has to check his email first, which will unlock FTP for his IP address for a short while. Shouldn't be that complicated to implement. Another option which I contemplated about is replacing FTP with "scp", the secury copy which comes with SSH. Fully encrypted transfer and there is a freeware windows client (WinSCP) available which looks and feels a lot like WS_FTP. But I still have a couple of customers which don't speak English and which most likely will be unable to handle software which has an English user-interface. -- Mit freundlichen Gr��en / With best regards Michael Stauber �Stauber Multimedia Design ____ Phone: �+49-6081-946240 �Eppsteiner Weg 9 ___ �D-61267 Neu-Anspach ___ Germany �SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
