windows firewall

[Rob Bresnik Mobile PC DR.]

I have windows xp and use it as an FTP server on port 21. I was wondering
how to make this a secure port, yet allow traffic to come in and read/write.
I use it for backing up data from various computers. I have "allow
anonymous connections" turned off...but i still seem to be getting unknown
activity. I also have Windows firewall turned on with port 21 as an
exception. any tips?

 

[Dan DiNicolo]

Unfortunately, there's no real way to "secure" the port - you're saying you
want it open for connections. However, FTP is a well-known service, and
everyone knows FTP servers are located on port 21 - many people scan for
this port, and then try to connect anonymously - this is likely the activity
you're seeing.

Having said that, a better option would be to switch your FTP server to use
a different port, something high and random - like 63777, for example. Then,
open this firewall port as an exception. Of course, your clients will need
to connect to the new port, so they would need to be configured to do so.
Most "scanners" can't be bothered to scan through engine port range - they
go after common ports, like FTP and those associated with remote
connections.

Good luck,
Dan

 

[Rob Bresnik Mobile PC DR.]

OK...sounds good...it makes sense to use a random port...wonder why 21 is
the "default"? I only have 4 clients right now, so it shouldn't be hard to
redirect them...glad i found this out before i acquired large numbers.

did you see my other post about the mysterious folders that appeared? it was
this one (any ideas how to get rid of these folders? i tried removing from
cmd line using dir /x but they woudn't go away.

Hello...my windows xp machine is used as an FTP server (port 21) and i have
a folder called "datasafe" on the c: drive. i basically back up some files
from a remote location to this folder. in this folder, i found this
mysterious folder with all of the following subdirectories:

C:\Datasafe\ \ \ \com3\**** \com1\ScanneD \com9\by
\com7\Crack02\com1\TaGGeD \com5\by \com7\for raid-rush-board\com2\
\with Neo1907´s PuB-tAgGeR \com2\uPPed \aux\BY \com8\by die_zarte\com6

anyone know what this is? it obviously looks someone hacked in
there...can't delete any of the directories as it says "cannot read from the
source disk".

how do i get rid of this? does anyone know what this is from?

 

[NobodyMan]

OK...sounds good...it makes sense to use a random port...wonder why 21 is
the "default"? I only have 4 clients right now, so it shouldn't be hard to
redirect them...glad i found this out before i acquired large numbers.

did you see my other post about the mysterious folders that appeared? it was
this one (any ideas how to get rid of these folders? i tried removing from
cmd line using dir /x but they woudn't go away.

Hello...my windows xp machine is used as an FTP server (port 21) and i have
a folder called "datasafe" on the c: drive. i basically back up some files
from a remote location to this folder. in this folder, i found this
mysterious folder with all of the following subdirectories:

C:\Datasafe\ \ \ \com3\**** \com1\ScanneD \com9\by
\com7\Crack02\com1\TaGGeD \com5\by \com7\for raid-rush-board\com2\
\with Neo1907´s PuB-tAgGeR \com2\uPPed \aux\BY \com8\by die_zarte\com6

anyone know what this is? it obviously looks someone hacked in
there...can't delete any of the directories as it says "cannot read from the
source disk".

how do i get rid of this? does anyone know what this is from?

Yes, and so do you. As you were told, port 21 is very commonly
scanned and was open on your machine. Somebody got through to your
machine on port 21 and left you this little present. I don't know how
you can delete it yet, but you could try to do so from the Command
Prompt.