Recently we have found some failed login logs in event viewer. We come to know that it is a brute force attack. After proper log checking we come to know that it is happening from FTP so we have decided to change the FTP port from 21 to something different so we have made the changes in binding but after making changes when we tried to connect with new port we got below error. Windows firewall is not running but server is running behind the hardware firewall.
Status: Connecting to XXX.XXX.XXX.X:4152...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command: USER 2013user
Response: 331 Password required for 2013user.
Command: PASS *********
Response: 530 User cannot log in.
Error: Critical error: Could not connect to server
Status: Connecting to XXX.XXX.XXX.X:4152...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (XXX,XXX,XXX,X,208,67).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Connection timed out
Error: Failed to retrieve directory listing
Status: Connecting to XXX.XXX.XXX.X:4152...
Status: Connection established, waiting for welcome message...
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (XXX,XXX,XXX,X,208,136).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Connection timed out
Error: Failed to retrieve directory listing