Andrew Lee
asked on
Create rule on Draytek 2800 ADSL router for incoming FTP traffic
Hi,
I have an ADSL Draytek 2800 router on a site. The customer has SBS 2003 hanging off this with a small domain, and BulletProof FTP is running on the server. Currently a port rule is in place so incoming TCP port 25 traffic hits that server; however, I've noticed someone is brute-force attacking it, trying to guess usernames / passwords.
The main data we need to come in is only coming from one IP (the web server). I would like to create a rule that will ONLY allow port 25 TCP traffic through to the SBS server IF it comes from IP address X.
That way everyone else can run port scans and won't get a reply on that port, thus stopping people trying to attack it.
Anybody know how / the best way to set up the rule on the Draytek 2800?
Please advise,
Regards
Please have a look at the link below:
http://www.draytek.co.uk/support/kb_vigor_portforwarding.html
Please implement and update.
Thank you.
Oops, posted in the wrong window; please excuse.
ASKER
Hey guys, sorry, typo on my part: I meant port 21, not 25!
Will review comments above and come back to you, thank you !
The problem with FTP (and why it is normally best to use the well-known port 21) is that FTP actually uses two connections and thus two ports: one for the command/control connection and one for the actual data transfer. And to confuse the matter more, there are two types of data transfer connections: active and passive.
When doing active FTP data transfers the server actually becomes the client for the data transfer. The server initiates an outbound connection from port 20 to a random port on the client. The client told the server what port to connect to in the PORT command.
When doing passive data transfers the client will initiate the data transfer connection to the server. The server tells the client what port to connect back to it with in the PASV reply.
Normally firewalls will watch all traffic on port 21, look for PORT and PASV commands, and dynamically allow that traffic through.
Now, reading the V3.0 user's guide, you can set up firewall rules where you can define specific IP addresses (both source and destination) for both WAN-to-LAN and LAN-to-WAN traffic. What you should be able to do is set up a firewall rule for WAN to LAN and specify the source IP address for the traffic you want to allow inbound for FTP.
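To make the two points of this answer concrete (the source-restricted rule on TCP/21, and the way a firewall learns the data channel from PORT and PASV on the control channel), here is an added, self-contained Python model of a small stateful FTP filter. It is example code written for this page, not anything from the Draytek firmware or its user's guide, and the addresses in it (203.0.113.10 standing in for "IP address X", 192.168.1.20 for the SBS host) are constructed placeholders from the documentation ranges.

```python
"""Toy stateful packet filter for FTP, modelling what the answer above describes:
the control channel (TCP/21) is admitted only from one trusted WAN address, and
data channels are admitted only after a PORT command or a 227 PASV reply on the
control channel announced them. Constructed example; the addresses are
RFC 5737 documentation-range placeholders, not real hosts."""
import ipaddress
import re
from dataclasses import dataclass, field

TRUSTED_WAN_SOURCE = ipaddress.ip_address("203.0.113.10")  # assumed: "IP address X" (the web server)
FTP_SERVER_LAN = ipaddress.ip_address("192.168.1.20")      # assumed: the SBS host running the FTP service
FTP_CONTROL_PORT = 21

# "PORT h1,h2,h3,h4,p1,p2" comes from the client; "227 ... (h1,h2,h3,h4,p1,p2)" from the server
_PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
_PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_hostport(groups):
    """Turn the six comma-separated fields of PORT/PASV into (address, port)."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range in PORT/PASV")
    return ipaddress.ip_address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2


@dataclass
class FtpHelper:
    """Holds the data-channel expectations learned from the control channel."""
    expected: set = field(default_factory=set)  # entries are (src_ip, dst_ip, dst_port)

    def observe_control(self, client_ip, server_ip, line):
        """Inspect one control-channel line. Returns True when a data channel was
        registered, False when the line was refused, None when it is not relevant."""
        client_ip = ipaddress.ip_address(client_ip)
        server_ip = ipaddress.ip_address(server_ip)
        m = _PORT_RE.match(line)
        if m:
            addr, port = parse_hostport(m.groups())
            # Active mode: the server (port 20) dials back to the client. A PORT naming
            # any other address would make the server connect to a third party, so refuse it.
            if addr != client_ip:
                return False
            self.expected.add((server_ip, client_ip, port))
            return True
        m = _PASV_RE.match(line)
        if m:
            addr, port = parse_hostport(m.groups())
            # Passive mode: the client dials the server on the announced port.
            if addr != server_ip:
                return False
            self.expected.add((client_ip, server_ip, port))
            return True
        return None

    def decide(self, src_ip, dst_ip, dst_port, direction):
        """Evaluate a new TCP connection in the given direction ('wan2lan' or
        'lan2wan'); returns 'allow' or 'deny'."""
        src_ip = ipaddress.ip_address(src_ip)
        dst_ip = ipaddress.ip_address(dst_ip)
        key = (src_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.discard(key)  # one announcement admits exactly one data connection
            return "allow"
        if direction == "wan2lan":
            # The rule the asker wants: TCP/21 to the SBS host only from the trusted source.
            if dst_ip == FTP_SERVER_LAN and dst_port == FTP_CONTROL_PORT:
                return "allow" if src_ip == TRUSTED_WAN_SOURCE else "deny"
            return "deny"  # everything else inbound, port scans included, gets no reply
        if direction == "lan2wan":
            return "allow"  # outbound from the LAN is left open, as on a typical SOHO router
        raise ValueError(f"unknown direction {direction!r}")


if __name__ == "__main__":
    helper = FtpHelper()
    print(helper.decide("203.0.113.10", "192.168.1.20", 21, "wan2lan"))  # allow
    print(helper.decide("198.51.100.7", "192.168.1.20", 21, "wan2lan"))  # deny
    helper.observe_control("203.0.113.10", "192.168.1.20",
                           "227 Entering Passive Mode (192,168,1,20,195,80)")
    print(helper.decide("203.0.113.10", "192.168.1.20", 195 * 256 + 80, "wan2lan"))  # allow
```

The point to take from it: a plain source-restricted rule on port 21 is enough to stop the brute-force attempts on the control channel, but passive-mode transfers still need the router to open the announced data port for that same trusted client, which is what the helper's PASV branch does and what a real stateful firewall does on your behalf. Restricting the control channel to one source also narrows which addresses can ever be named in a PORT or PASV exchange, since only that peer can reach the point where the exchange happens.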