I'm getting repeated (regular intervals) ftp attempts to my firewall from an
address (208.24.82.140) that I can't seem to track down. While the attempts
are being blocked, the continuing log messages are annoying. This has been
going on for quite a while now, and I'm wondering if something got caught in
a loop and the attempts may not be malicious. (on the other hand... 8-O)
Any thoughts?
TIA,
Kelly
---
Kelly Newcomb, CISSP
Technical Risk Assessment Consultant
Texas Guaranteed Student Loan Corp.
E-Mail: [EMAIL PROTECTED]

-----Original Message-----
From: Chris Shenton [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 01, 1999 9:47 AM
To: Curt Hefflin
Cc: [EMAIL PROTECTED]
Subject: Re: dailup security

On Wed, 1 Sep 1999 09:19:52 -0400, "Curt Hefflin" <[EMAIL PROTECTED]> said:

Curt> We have a pretty good firewall protecting our network from the
Curt> Internet. However, we have well over 200 users with dial-up
Curt> access via an Ascend box with RADIUS authentication. What are
Curt> some of the risks of having this type of access into our network
Curt> and can these things be cracked?

If someone can find out or guess your phone number, then daemon
dialers can guess passwords and user names. This could be aided if
outsiders can learn about your usernames (e.g. through your web pages,
directories, or other public info). And most users choose poor
passwords so password cracking programs won't have to be too
sophisticated.

At one site I worked on we separated the dialin gear from the internet
and internal LAN so we could apply distinct rulesets and minimize
attacks on the RADIUS servers, or from the dialin to the inside.

        Internet
           |            |- Dial-in NASes
        Firewall -------+
           |            |- RADIUS servers
        PrivateNet

We then realized our greatest vulnerability was weak passwords and
users sharing their passwords with friends, family, etc. So we got
SecurID tokens and integrated that into RADIUS.

I'd do the hardware token thing again but I'd look around at competing
token products; their docs and support suck, and I gather they require
tons of ports open if you want to leverage their ACE server (say) from
inside the firewall.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]