April 10th, 2006, 05:30 AM
LOL!!!! I have been using DenyHosts or other
Port Monitor Programs on my servers.....
I have a S&^%house full of blocked IP addresses
3 strikes and you're OUT!!!
I have given up complaining to overseas ISPs.....
You're P*&&*ing in the wind....
Snort also does a nice job as well....
Franklin Werren at www.bagpipes.net
Yes I do play the Bagpipes!
And learning to Play the Bugle
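The "3 strikes and you're out" blocking described in the post above, applied to FTP login failures. This is an added example, not code from the thread or from DenyHosts; the vsftpd-style log format, the reset-on-success rule, the sample addresses, and the use of 192.168.1.0/24 (the LAN range mentioned later in this thread) as a never-block range are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): vsftpd-style log lines, and
# 192.168.1.0/24 treated as the trusted LAN that is never blocked.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
LINE_RE = re.compile(r'\[[^\]]*\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

# Constructed sample log; external addresses come from documentation ranges.
SAMPLE_LOG = """\
Mon Apr 10 05:12:01 2006 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Apr 10 05:12:03 2006 [pid 2102] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Apr 10 05:12:04 2006 [pid 2103] [cust1] FAIL LOGIN: Client "198.51.100.20"
Mon Apr 10 05:12:06 2006 [pid 2104] [test] FAIL LOGIN: Client "203.0.113.7"
Mon Apr 10 05:12:09 2006 [pid 2105] [cust1] FAIL LOGIN: Client "198.51.100.20"
Mon Apr 10 05:12:15 2006 [pid 2106] [cust1] OK LOGIN: Client "198.51.100.20"
Mon Apr 10 05:13:40 2006 [pid 2107] [cust1] FAIL LOGIN: Client "198.51.100.20"
Mon Apr 10 05:14:01 2006 [pid 2108] [bob] FAIL LOGIN: Client "192.168.1.15"
Mon Apr 10 05:14:02 2006 [pid 2109] [bob] FAIL LOGIN: Client "192.168.1.15"
Mon Apr 10 05:14:03 2006 [pid 2110] [bob] FAIL LOGIN: Client "192.168.1.15"
Mon Apr 10 05:15:01 2006 [pid 2111] [ftp] FAIL LOGIN: Client "::ffff:192.0.2.44"
Mon Apr 10 05:15:02 2006 [pid 2112] [ftp] FAIL LOGIN: Client "::ffff:192.0.2.44"
Mon Apr 10 05:15:03 2006 [pid 2113] [ftp] FAIL LOGIN: Client "::ffff:192.0.2.44"
"""

def hosts_to_block(log_text, max_strikes=3):
    """Return sorted source IPs with max_strikes consecutive failed logins."""
    strikes = Counter()
    blocked = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login record
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field
        # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to plain IPv4.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if any(ip in net for net in TRUSTED_NETS):
            continue  # never block the local LAN
        if m.group("result") == "OK":
            strikes[ip] = 0  # a good login clears earlier typos
            continue
        strikes[ip] += 1
        if strikes[ip] >= max_strikes:
            blocked.add(ip)
    return sorted(str(ip) for ip in blocked)
```

The returned addresses would then be fed to whatever does the blocking (a router ACL, a firewall rule, or hosts.deny); that step depends on the equipment and is left out here.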
April 13th, 2006, 04:40 PM
Well, in an attempt to make my setup a little more clear I have slapped together a jpeg'd autocad drawing to look at.. The address to grab it is as follows:
April 13th, 2006, 06:06 PM
I don't know if it is just me or the way I am viewing it but it is really hard to see it. Zooming in just makes it too blurry to read.
Can you use a different app to draw it?
April 13th, 2006, 06:14 PM
Did you happen to download it and view it offline? If need be I can up the dpi and/or scale up the text... Let me know... Thanks..
April 13th, 2006, 06:19 PM
Yeah I saved it and tried zoooooming in but to no avail!
April 13th, 2006, 11:19 PM
Alright... I have posted the .pdf file on a free file server.. Maybe that will help.. thank you..
April 14th, 2006, 01:38 AM
OK, well your router is obviously showing the FTP server to the outside world - and letting people attempt to connect to it. As you have said that it only needs to be accessed locally, I would do one or all of the following:
Depending on the type of router you have, look into deploying an ACL that will permit only traffic from 192.168.1.0/24 to anything destined for your FTP server, which will by default block any IP address not in your network. So your router will not let any 'internet' traffic destined for your FTP server through.
You could move your FTP server off your router and put it on to switch 2, as this is the switch that connects the 2 buildings together so to speak - depending on the speed/bandwidth you have available to you of course.
You have 5 switches supporting 19 hosts (the routers just have a 4 port switch in them)...for me this is a tad excessive and is just adding to network latency - if your switches are running in a 'store and forward' switching mode you could be slowing your network down considerably. You could even come down to just your 24 port switch if distance is not a factor!
My personal preference would be to connect all hosts up to either of the switches - not the routers - which is still basically acting as a switch I know but there is no need to have hosts connected to it. DHCP will still work through the switches - although with just 19 hosts you could have static IPs or permanent DHCP entries - which again will reduce the amount of network traffic.
The router in Building 2 (it does not look like it is connected to a WAN of any kind?) if it is not, there is really no reason for it to be there, all it is doing at the moment is creating another broadcast domain for the 4 hosts attached to it - these four hosts could go straight into the switch.
Maybe look into getting a firewall, hardware or software; all you have protecting your network at the moment is whatever security features your router has!
All this is just my personal preference after looking at your drawing is all - obviously there is more than one way to configure a network! Someone else's idea may be totally different again!
Hope it helped!
April 14th, 2006, 05:38 PM
I'm sorry I might not have explained that the best, the FTP server is actually for customers from remote computers and not only for our personal LAN... Also I botched the building 2 section, there is actually a dsl modem connected to the router, I just left it out accidentally...
June 9th, 2006, 01:17 AM
It sounds like port knocking would be great for your network, granted your customers will need to get the proper sequence which could be a pain.
Try changing FTP software; even Windows FTP server is better than what you are using now.
Try changing the port to something else, at least this way he will have to show some initiative to find your FTP again.
Try setting up a VPN so that they have to two-factor authenticate before they can access your FTP