On Wed, Dec 20, 2000 at 09:16:43AM -0800, Michael Smith wrote:
> I've noticed a gradual increase in ftp attempts over the last month. If you're
> not running ftp services, block out the port:
> ipchains -A input -p TCP -s 0.0.0.0/0 -d 0.0.0.0/0 21 -j REJECT

you might want to add a rule that does [source|destination] port 20:21, as well. i've seen quite a few scans that use that exact technique to try to pass through my filters (after all, *I* want to use ftp, so it's only obvious i allow remote port 20:21 to go unnoticed and unmolested).

--
-m
When you are having a bad day, and it seems like everybody is trying to piss you off, remember that it takes 42 muscles to produce a frown, but only 4 muscles to work the trigger of a good sniper rifle.
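
Added example, not part of the original messages: a Python check for the source-port trick described in the reply above, flagging inbound TCP SYNs that claim source port 20 or 21 but cannot be genuine FTP traffic. The log lines are constructed in the style of ipchains `-l` kernel output, and the function name and the below-1024 heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of ipchains "-l" kernel log output.
SAMPLE_LOG = """\
Dec 20 09:01:10 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:20 192.0.2.10:34211 L=60 S=0x00 I=4411 F=0x4000 T=52 SYN (#4)
Dec 20 09:02:31 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.9:20 192.0.2.10:111 L=40 S=0x00 I=9001 F=0x0000 T=44 SYN (#4)
Dec 20 09:02:31 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.9:20 192.0.2.10:23 L=40 S=0x00 I=9002 F=0x0000 T=44 SYN (#4)
Dec 20 09:02:32 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.9:21 192.0.2.11:6000 L=40 S=0x00 I=9003 F=0x0000 T=44 SYN (#4)
Dec 20 09:03:02 gw kernel: Packet log: input REJECT eth0 PROTO=6 203.0.113.50:4123 192.0.2.10:21 L=60 S=0x00 I=120 F=0x4000 T=50 SYN (#2)
Dec 20 09:04:00 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:21 192.0.2.10:34210 L=52 S=0x00 I=4500 F=0x4000 T=52 (#4)
"""

# Matches inbound TCP (PROTO=6) entries: action, interface, src:port, dst:port, trailer.
LINE_RE = re.compile(
    r"Packet log: input (?P<action>\S+) (?P<iface>\S+) PROTO=6 "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<rest>.*)$"
)

def suspicious_ftp_source_port(log_text):
    """Map source IP -> sorted destination ports of SYNs misusing source port 20/21."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or "SYN" not in m["rest"].split():
            continue  # not inbound TCP, or not a connection attempt
        sport, dport = int(m["sport"]), int(m["dport"])
        # Port 21 is the server end of the control channel; it replies, never opens.
        from_control_port = sport == 21
        # Active-mode data (source port 20) goes to a client-chosen unprivileged port.
        data_port_to_service = sport == 20 and dport < 1024
        if from_control_port or data_port_to_service:
            hits[m["src"]].add(dport)
    return {src: sorted(ports) for src, ports in hits.items()}

if __name__ == "__main__":
    for src, ports in suspicious_ftp_source_port(SAMPLE_LOG).items():
        print(f"{src}: SYNs from FTP source port to {ports}")
```

The check only sees packets that a logging rule (`-l`) recorded, so the rule that accepts remote port 20:21 needs logging enabled for this to be useful.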

