Block FTP brute force attempts

Hi all,

I frequently see brute force attempts at finding usernames in my FTP server logs all of the time.  Someone will try to connect to the FTP server from an IP address (usually coming from China) repeatedly, using a dictionary attack of different usernames A through Z.

Does anyone have any ideas on how to block an IP from attempting to connect after 10-15 attempts?  

I'd like to be able to do this on the firewall level, as we have a SonicWALL NSA 3500, and this would prevent any unnecessary traffic from entering the network.  But if we had to do it on the server level, it's Ipswitch WS_FTP Server 6.1.

Any ideas?

Thanks!
ITDeptAtPCS Asked:

Keith Alabaster, Enterprise Architect, Commented:
You won't be able to do this - it's either block it always or allow it.
0
decoleur Commented:
I do not know what you can do on the SonicWall, but on a Cisco firewall you can set up an FTP proxy that can shun a client after repeated failed attempts. I would look and see if the FTP proxy is a capability of the SonicWall, as most vendors seek feature parity.

hope this helps,

-t
0
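The idea of shunning a client after repeated failed attempts can be shown on the server's own log. This is an added example, not part of the original thread and not SonicWALL, Cisco or WS_FTP code. The log layout, the 10-minute window and the sample lines are assumptions made for the example; the threshold of 10 comes from the question, and 530 is the standard FTP "not logged in" reply.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Assumed log layout (constructed here, NOT the real WS_FTP Server format):
#   2010-03-01 02:00:05 203.0.113.45 USER alice 530 Login incorrect
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) USER (?P<user>\S+) (?P<code>\d{3})\b"
)

def find_offenders(lines, max_failures=10, window=timedelta(minutes=10)):
    """Return {ip: {"blocked_at", "usernames"}} for every source IP that
    reaches max_failures failed logins (reply 530) inside a sliding window."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, username)
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["code"] != "530" or m["ip"] in offenders:
            continue              # unparsable, not a failure, or already flagged
        ts = datetime.strptime(m["ts"], FMT)
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders[m["ip"]] = {
                "blocked_at": ts,
                "usernames": sorted({user for _, user in q}),
            }
    return offenders

def sample_log():
    """Constructed sample input using documentation-range IP addresses."""
    start = datetime(2010, 3, 1, 2, 0, 0)
    lines = []
    for i in range(12):   # fast username dictionary run: one try every 5 s
        t = (start + timedelta(seconds=5 * i)).strftime(FMT)
        lines.append(f"{t} 203.0.113.45 USER user{i} 530 Login incorrect")
    for i in range(12):   # slow failures: never 10 inside 10 minutes
        t = (start + timedelta(minutes=5 * i)).strftime(FMT)
        lines.append(f"{t} 192.0.2.9 USER bob 530 Login incorrect")
    # A legitimate user who mistypes once and then logs in (230).
    lines.append("2010-03-01 02:01:00 198.51.100.7 USER carol 530 Login incorrect")
    lines.append("2010-03-01 02:01:20 198.51.100.7 USER carol 230 User logged in")
    return lines

if __name__ == "__main__":
    for ip, info in find_offenders(sample_log()).items():
        print(ip, info["blocked_at"], len(info["usernames"]), "usernames tried")
```

The returned addresses are the candidates for a deny rule; how that rule is pushed to the firewall or the FTP server depends on the product and is not covered here.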
Keith Alabaster, Enterprise Architect, Commented:
Ahhh.... Cisco - if only :)
0
rsivanandan Commented:
I just read this: http://www.infoworld.com/d/security-central/sonicwall-nsa-death-malware-569. It looks like your SonicWall may be able to provide you the service you want, either with built-in signatures or custom IDP signatures?

Cheers,
Rajesh
0

Keith Alabaster, Enterprise Architect, Commented:
Hey matey - very long time - no speak :)
0
rsivanandan Commented:
Was pretty busy, Keith (a critical project hanging on my head :-) ), also was out on vacation after a long while.

Cheers,
Rajesh
0
ITDeptAtPCS (Author) Commented:
no longer an issue
0