RE: [ cf-dev ] OT: NT security problem

[Peter Harrison]

http://www.nhtcu.org/ probably -----Original Message----- From: Peter Harrison [mailto:[EMAIL PROTECTED] Sent: 20 April 2004 14:12 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] OT: NT security problem Hi   There is always http://www.cert.org/   Check the contact page and also trends: http://www.cert.org/present/cert-overview-trends/   You can also contact the Police.   - Peter -----Original Message----- From: Chris Tazewell [mailto:[EMAIL PROTECTED] Sent: 20 April 2004 14:03 To: [EMAIL PROTECTED] Subject: [ cf-dev ] OT: NT security problem Sorry for another Off Topic.   I've got a serious issue with one of my web servers where some twats have launched an attack on the box by trying to login through any of the ftp user accounts.   They're running a distributed attack from lots of PCs, which must be an automated process to try FTP-ing in with different combinations of usernames and passwords.   Consequently my server keeps having to lock ftp accounts after 5 failed login attempts. None of them have got through because I have a strict policy on passwords, which are all 8 characters with Upper case, lower case and alphanumerics. I'm not too worried about anyone getting through, but I've got hell on trying to allow clients access to their FTP ares.   I'm putting my hands up and admitting that this sort of thing is beyond me. I don't know how to get the server to ignore their attempts, since I have no IP addresses to block. Event viewer only shows a computer name, like:   \\C-REZBR67BA731T   Any ideas and help would be appreciated.   Taz