5

Is there any possible way to restrict users from making connections to the FTP server on my Windows XP computer? I have an FTP server set up in Windows XP and now I want to restrict access to that FTP server to deny brute force attacks.

If the machine was Linux then I would use an iptables chain to restrict users' connection attempts, for example to deny a user after 6 connection attempts in one second.

So can I do this in Windows?

Rory Alsop
Bhavik Ambani
  • There is the Windows firewall or the FTP server allowed/denied IP addresses. Also FTP under Windows uses NTFS permissions, are you using FAT or NTFS for your file system? – Bernie White Jan 30 '12 at 06:24
  • I want Windows Firewall and I am using NTFS as the file system. – Bhavik Ambani Jan 30 '12 at 08:13
  • Updated to make the question more readable, and to use appropriate tags. Please have a look to check I kept the meaning you intended. – Rory Alsop Jan 30 '12 at 11:33
  • While I am not sure about Windows Firewall on Windows XP, I do know that the Windows 10 firewall allows you to create a block-all-except rule for either your outbound or inbound traffic. I am not sure about FTP being a specific protocol on the list, but you can make an ANY protocol; ANY IP; rule and white-list the IPs of your clients. Side Note: Win XP is EOL. If you are hosting an FTP server, I highly recommend that you go ahead and upgrade your OS either to some Linux distro or take the free Win 10 upgrade. – Allison Wilson May 23 '16 at 17:12

3 Answers

3

Have you thought about just using the Windows Firewall API? Should give you more than enough control based on what you are trying to do.

doyler
3

Windows XP's firewall does not do the connection-limiting that you are asking for.

To limit the number of connections, you would have to use a different firewall that had that feature, or look to see if the FTP server you are using had a similar feature.

Free Windows FTP Server: FileZilla

To limit incoming connections in FileZilla: File -> Site Manager -> Transfer Settings -> Limit number of simultaneous connections

schroeder
0

First of all you have to keep in mind that Windows XP's built-in firewall doesn't have the capability to apply the rules you described. Plus, even if it did, packets would still get dropped by the same machine that's handling the actual FTP connections, so it would still be recommendable to put a separate firewall (or Linux box) in front of it, just for firewall/NAT purposes.

On top of that, using Windows XP's built-in FTP server is also not a good idea, as it's too integrated with the OS and it would force you to create OS user profiles and manage ACLs through NTFS permissions. Therefore I would opt for a different type of server, with FileZilla Server and Syncplify.me Server! being two such options.

FileZilla Server is free for any use, and allows you to limit the number of simultaneous connections. Syncplify.me Server! is free for personal use, but the paid editions allow you to limit not only the number of simultaneous connections but also how many of them are allowed from the same IP address, and how many "attempts" are allowed in how much time (window) before automatic temporary/permanent blacklisting.

(Disclaimer: I am the author of Syncplify.me Server)

FjodrSo
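The attempts-per-time-window blacklisting that the question and the last answer describe, sketched as an added example (not code from FileZilla Server, Syncplify.me Server! or any poster on this page): a per-IP sliding-window counter that issues a temporary ban and, after repeated bans, a permanent one. The class name, the thresholds and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

class AttemptLimiter:
    """Per-IP sliding-window limiter: temporary ban first, permanent after repeats."""

    def __init__(self, max_attempts=6, window=1.0, ban_seconds=300.0, bans_before_permanent=3):
        self.max_attempts = max_attempts            # attempts tolerated inside one window
        self.window = window                        # window length in seconds
        self.ban_seconds = ban_seconds              # length of a temporary ban
        self.bans_before_permanent = bans_before_permanent
        self._recent = defaultdict(deque)           # ip -> timestamps inside the window
        self._banned_until = {}                     # ip -> end of temporary ban
        self._ban_count = defaultdict(int)          # ip -> bans issued so far
        self._permanent = set()                     # ips that are never accepted again

    def status(self, ip, now):
        if ip in self._permanent:
            return "blacklisted"
        if self._banned_until.get(ip, float("-inf")) > now:
            return "temp-banned"
        return "ok"

    def allow(self, ip, now):
        """Record one connection attempt; return True if it may proceed to the FTP login."""
        if self.status(ip, now) != "ok":
            return False
        recent = self._recent[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                        # forget attempts older than the window
        recent.append(now)
        if len(recent) <= self.max_attempts:
            return True
        del self._recent[ip]                        # burst detected: reset and ban
        self._ban_count[ip] += 1
        if self._ban_count[ip] >= self.bans_before_permanent:
            self._permanent.add(ip)
        else:
            self._banned_until[ip] = now + self.ban_seconds
        return False

def replay(limiter, events):
    """Feed (timestamp, ip) pairs in time order; return the accept/deny decision for each."""
    return [limiter.allow(ip, ts) for ts, ip in events]

if __name__ == "__main__":
    # Constructed sample: a 7-attempt burst in 0.6 s from one address, one normal client.
    events = [(i / 10, "203.0.113.9") for i in range(7)] + [(0.65, "198.51.100.7")]
    lim = AttemptLimiter(max_attempts=6, window=1.0, ban_seconds=60)
    for (ts, ip), ok in zip(events, replay(lim, events)):
        print(f"{ts:5.2f}s {ip:<14} {'accept' if ok else 'deny'}")
```

Attempts made while an address is banned are rejected without being counted, so a client that keeps hammering does not extend its own ban; count them as well if that is the behaviour you want.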