|
Home > Archive > IIS FTP Server > September 2006 > Automatically block troublesome IP Addresses
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Automatically block troublesome IP Addresses
|
|
| Kirk Hilzinger 2006-09-18, 7:48 pm |
| Is there a way or software out there that will automatically block an IP
Address from connecting to an FTP server after a user definable number of
invalid logon attempts. Most of the attacks I get are for invalid user names
and I would like to just kick that person off the server all-together rather
than take up system resources and bandwidth. By the time I see it in the
log, the user is usually gone and I have to resort to reporting his IP
address to the ISP and blocking the IP at my hardware firewall.
If not, I would suggest this for the new version of IIS that comes with
Longhorn.
| |
| Walter Weiss 2006-09-19, 7:27 am |
| Hi
on the FTP sitemanager go to properties -> directory security there you can
block or allow any IP you want.
Walter
IIS support engeneer
"Kirk Hilzinger" <KirkHilzinger@discussions.microsoft.com> wrote in message
news:46016F04-872A-4A61-8D8A-9E58A74AE2C9@microsoft.com...
> Is there a way or software out there that will automatically block an IP
> Address from connecting to an FTP server after a user definable number of
> invalid logon attempts. Most of the attacks I get are for invalid user
> names
> and I would like to just kick that person off the server all-together
> rather
> than take up system resources and bandwidth. By the time I see it in the
> log, the user is usually gone and I have to resort to reporting his IP
> address to the ISP and blocking the IP at my hardware firewall.
>
> If not, I would suggest this for the new version of IIS that comes with
> Longhorn.
| |
| Bernard Cheah [MVP] 2006-09-19, 7:27 am |
| Not automatically......
Anyway, as for the request - this would best done at firewall/router level.
Even if IIS is able to auto block offensive IP, it still requires to
response with 403.6 status code. If the attack traffic is huge, IIS going to
suffer as well.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"Walter Weiss" <wewalt@hotmail.com> wrote in message
news:u4v01O82GHA.1068@TK2MSFTNGP05.phx.gbl...
> Hi
>
> on the FTP sitemanager go to properties -> directory security there you
> can block or allow any IP you want.
>
> Walter
> IIS support engeneer
>
>
> "Kirk Hilzinger" <KirkHilzinger@discussions.microsoft.com> wrote in
> message news:46016F04-872A-4A61-8D8A-9E58A74AE2C9@microsoft.com...
>
>
| |
| Kirk Hilzinger 2006-09-19, 1:31 pm |
| I was afraid that was the answer. I guess something more in the line of
intrusion protection. Thank you, anyway.
"Bernard Cheah [MVP]" wrote:
> Not automatically......
>
> Anyway, as for the request - this would best done at firewall/router level.
> Even if IIS is able to auto block offensive IP, it still requires to
> response with 403.6 status code. If the attack traffic is huge, IIS going to
> suffer as well.
>
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://www.iis-resources.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Walter Weiss" <wewalt@hotmail.com> wrote in message
> news:u4v01O82GHA.1068@TK2MSFTNGP05.phx.gbl...
>
>
>
| |
|
| Kirk Hilzinger wrote:[vbcol=seagreen]
> I was afraid that was the answer. I guess something more in the line of
> intrusion protection. Thank you, anyway.
>
> "Bernard Cheah [MVP]" wrote:
>
Hi, I am developing a service to do just what you want. I am having
problems getting the block list to work immediately. As soon as I get
this fixed I will let this list know where the app can be downloaded from.
I have written the app specifically for Win2k3 and IIS but theoretically
it could be converted for other servers as well.
Regards, Don.
|
|
|
|
|