Gary
Wed Nov 19 00:38:17 CST 2003
Thanks for the info on VPN's... that may work for what we need to do.
As for authenticating the FTP server... I left it open cause everybody says
to... If I put a password on it then cant anybody just intercept my packets
and view the plain text password?
"Javier Gomez" <javier_gomez@remove.this.bit.engineer.com> wrote in message
news:%23VaSjZlrDHA.2416@TK2MSFTNGP10.phx.gbl...
> Apart from Craig's excellent advice... why don't you outsource the FTP
> server? for sometimes less than $10 a month is not worth exposing IIS via
> FTP (or dealing with this sort of stuff) :-)
>
> BTW-> How were you autheticating on the FTP server? From the last line on
> the first post it sounds like you didn't have any passwords... I hope I'm
> just misreading. Spoofing IP addresses is not really difficult to do.
>
> --
> -Javier
>
> << SBS ROCKS !!! >>
>
> "Craig Iedema" <ciedema@yahoo.com.au> wrote in message
> news:%232sXVLlrDHA.2148@TK2MSFTNGP12.phx.gbl...
> > Hi Gary,
> >
> > Even if you decided to get SSH, I would still recomend having ISA on the
> > server. Just letting in the SSH ports anyway does not seem to be an
> option.
> > If it is for a not for profit the SSH is free.
> >
> > The VPN stuff is not at difficult to setup check out this link
> >
http://www.smallbizserver.net/sbs2000/remote.aspx
> >
> > Note if do this you need not use all ftp stuff at all (though you still
> > can). If you are scripting what you need to do you can just use normal
> dos
> > commands (net use, copy, xcopy etc).
> >
> > As far exactly how they hacked in I am not sure, I know last year when I
> had
> > first run up the server we got the SQL Slammer over a dial up connection
> > with in an hour or 2.
> >
> > These guys are out there running port scans all the time, we actually
run
> > two firewalls since getting our broadband connection and from the first
> > firewall we only port forward some specific services to the ISA server
> > (mail, VPN and DNS).
> >
> > Craig
> >
> >
> >
> > "Gary Peacock" <email1@lighthouse-its.com> wrote in message
> > news:Os2dnbw3lIwUfCei4p2dnA@comcast.com...
> > > Checked out SSH and it looks like a neat solution. To bad I spent all
> my
> > > budget on SBS to get ISA server.
> > >
> > > VPN is an option, but Id like to keep the solution as simple as
> possible.
> > >
> > > I thought by only allowing certain ip addresses through to the FTP
> server
> > it
> > > might as well have only been on my internal netowrk (to all but those
> few
> > > ip's on the list). Are people able to spoof IP addresses, and if so
how
> > did
> > > they guess the right one? I had this server running for two days
before
> > it
> > > got hacked... What a world we live in.
> > >
> > > "Craig Iedema" <ciedema@yahoo.com.au> wrote in message
> > > news:OAt6EjkrDHA.2060@TK2MSFTNGP10.phx.gbl...
> > > > Hi Gary,
> > > >
> > > > Have you considered using VPN as alternate option? Once connected
> the
> > > vpn
> > > > has full secure access to your network. You could even enable the
ftp
> > > > server on the internal nic only, so could be seen once the VPN
> > connection
> > > is
> > > > established, but hidden and not accessible from the internet.
> > > >
> > > > The Other possible solution would be to install an SSH server and
use
> > SSH
> > > > file transfer, check out www.ssh.com.
> > > >
> > > > HTH
> > > >
> > > > Craig
> > > >
> > > > "Gary Peacock" <email1@lighthouse-its.com> wrote in message
> > > > news:kPCdnah8cP-_TieiRVn-tA@comcast.com...
> > > > > Hi everybody.
> > > > >
> > > > > We have a W2000 FTP server set up behind ISA (SBS version). I
have
> > > setup
> > > > a
> > > > > server publishing rule in ISA to only route requests from certain
IP
> > > > > addresses to the FTP server. I tested it from an ip address not
in
> > the
> > > > list
> > > > > and no access was granted. I figured this was all I needed to do
to
> > > keep
> > > > it
> > > > > as secure as possible...
> > > > >
> > > > > I was wrong
> > > > >
> > > > > So my ftp server was hacked, all my files were deleted and a bunch
> of
> > > > > non-windows files (the really hard to delete ones) were added.
What
> > > more
> > > > > can I do to secure this server?
> > > > >
> > > > > We dont want to use password authentication cause the damn things
> are
> > > send
> > > > > in plain text... any other options?
> > > > >
> > > > > Thanks
> > > > > Gary
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>