You can use KRIPP to monitor FTP dictionary attacks where an attacker tries to guess a userid and password combination to break into an FTP server. You can block the attacking system with the
route command, e.g. route add 202.123.213.3 reject
to block all packets from 202.123.213.3. When the attacker has moved on to
other targets, you can remove the routing table entry with
route del 202.123.213.3 reject.
[ More Info ]
