Netstat +kill

Guest · May 8, 2006

Is there a command to "kill" an address that is attached to my port 21?
I run an FTP server (not Microsoft) and I occasionally get those attempted
break ins. Using netstat I can see the addresses attached, but because the
attacker can not logon to the ftp service I can not use the FTP service's
"kill" function. I can not stop the service because other legit users maybe
upload/downloading files. Is the some command I can use to kill the
attacker's specific address?

Pegasus \(MVP\) · May 8, 2006

Rick K said:
Is there a command to "kill" an address that is attached to my port 21?
I run an FTP server (not Microsoft) and I occasionally get those attempted
break ins. Using netstat I can see the addresses attached, but because the
attacker can not logon to the ftp service I can not use the FTP service's
"kill" function. I can not stop the service because other legit users maybe
upload/downloading files. Is the some command I can use to kill the
attacker's specific address?

You should set up rule in your hardware firewall that permits access
to port 21 only from a specific set of addresses.

Guest · May 8, 2006

That is not a practicle solution as we do not know the addresses of our
customers, plus their addresses can change. We can block a specific address
in the firewall, but that's only after the fact.

Pegasus \(MVP\) · May 8, 2006

In this case you should give each customer a specific port
number to use and translate it to port 21 at the firewall.
For example:
Customer A Port 19921
Customer B Port 29921
Customer C Port 39921

This will greatly reduce your exposure because hackers
scan those ports that are likely to yield results, i.e. the
know ports below 1000 plus the ports for popular
applications such as 1723, 3389, 5900.

Guest · May 8, 2006

Thanks for the suggestions, but again this is not practicle given to type of
users and the number of users. The issue is killing that ip address that is
trying to break into the FTP server. Without effecting other users.

Frankster · May 8, 2006

The TCPView free utility from Sysinternals.com will do what you want.

http://www.sysinternals.com/Utilities/TcpView.html

I use my firewall interface to accomplish this.

-Frank

Guest · May 8, 2006

Thanks, that's what I was lokking for..

Frankster said:
The TCPView free utility from Sysinternals.com will do what you want.

http://www.sysinternals.com/Utilities/TcpView.html

I use my firewall interface to accomplish this.

-Frank

Question about browsing ftp sites and security	2	Jan 24, 2006
Kill single thread	2	May 19, 2009
Problem with Kill Syntax!	1	Aug 31, 2012
Sending mail from outlook using VBA masro	1	May 23, 2014
c# updater question	1	Aug 24, 2011
FTP Clients can not connect	2	Dec 12, 2008
'netstat' and '-f inet' option	2	Feb 20, 2010
at cmd prompt: netstat just blinks on then off	2	Sep 9, 2008

Netstat +kill

Guest

Pegasus \(MVP\)

Guest

Pegasus \(MVP\)

Guest

Frankster

Guest

Ask a Question

Similar Threads