Serv-U mFTP Gateway - Security

Security... and not feeling so.

In the logs on the mFTP domain-facing Gateway there are many brute-force attempts to Connect and to Login.

I've set the limit to catch & block forever many attempts in a short period of time vs. a user who attempts a few times in a longer period of time; they too can be blocked forever.

Server (desktop) Firewall is OFF to accept any IP on this domain for partners who work remotely without a static IP.

Questions in no particular order

Firewall (desktop) configuration, is Off correct? If not correct, is there any guidance/best practice on FW configuration?

Blocked IP by |Limits & Settings, |Connection Settings, |Block Settings...
a) when IPs are added by these Settings, 1) they're not noted as such, 2) how to know how an IP was added to the Domain Deny List?
b) how to un-block an IP?

Serv-U appears to be our only security and eventually the current version will be deemed Not Secure, so before then how do we close the gap?


Thanks,
JeffP...

Parents
  • b) how to un-block an IP, find it in the list of Deny and remove (do not set to allow, simply remove)

  • One aspect is that it takes the entire Time to Block, meaning if the limit were 4 Times in 8 Seconds, then the Block will not occur after 5 times until/unless 8 seconds have elapsed.

    Instead the rule implies that exceeding 4, at the 5th attempt at [02] Sat 26Feb22 13:31:31, the block/Connection denied should have occurred; instead it wasn't until after the 6th attempt and 8 seconds elapsed.

    Is the above as intended? Meaning if the limit were 10 times in 60 seconds, the IP would Not be blocked if they tried 100 times until 60 seconds elapsed...
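
The timing difference raised in the reply above can be checked against a log. This is an added example, not part of the thread and not Serv-U's code: it compares a sliding-window block (fires on the attempt that exceeds the limit) with a model of the deferred behaviour the reply reports. The log lines are constructed, and only the timestamp prefix follows the format quoted in the thread; the `connect from` layout and both function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample. Only the "[02] Sat 26Feb22 13:31:31" timestamp prefix is
# the format quoted in the thread; the rest of each line is an assumed layout.
SAMPLE_LOG = """\
[02] Sat 26Feb22 13:31:25 - connect from 203.0.113.7
[02] Sat 26Feb22 13:31:27 - connect from 203.0.113.7
[02] Sat 26Feb22 13:31:29 - connect from 203.0.113.7
[02] Sat 26Feb22 13:31:30 - connect from 203.0.113.7
[02] Sat 26Feb22 13:31:31 - connect from 203.0.113.7
[02] Sat 26Feb22 13:31:32 - connect from 203.0.113.7
[02] Sat 26Feb22 13:31:40 - connect from 198.51.100.9
"""
LINE = re.compile(r"^\[\d+\] \w{3} (\d{2}\w{3}\d{2} \d{2}:\d{2}:\d{2}) - connect from (\S+)$")

def parse(text):
    """Return {ip: [datetime, ...]} in log order, skipping lines that don't match."""
    attempts = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            attempts[m.group(2)].append(datetime.strptime(m.group(1), "%d%b%y %H:%M:%S"))
    return attempts

def sliding_block_time(times, limit, window_s):
    """Block on the first attempt that makes the trailing window exceed `limit`."""
    recent = deque()
    for t in times:
        recent.append(t)
        # Drop attempts that have aged out of the trailing window.
        while t - recent[0] >= timedelta(seconds=window_s):
            recent.popleft()
        if len(recent) > limit:
            return t
    return None

def deferred_block_time(times, limit, window_s):
    """Model of the behaviour reported in the thread (an assumption): the count
    is only evaluated once the window opened by the first attempt has elapsed."""
    i = 0
    while i < len(times):
        end = times[i] + timedelta(seconds=window_s)
        in_window = [t for t in times[i:] if t < end]
        if len(in_window) > limit:
            return end
        i += len(in_window)  # next window opens at the next unseen attempt
    return None
```

With a limit of 4 in 8 seconds, the sliding window blocks 203.0.113.7 at 13:31:31 (the 5th attempt), while the deferred model blocks at 13:31:33, after the 6th attempt has already been accepted.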
