Could anyone provide information on how to block a specific client machine from being able to log onto anonymous ftp?

Hey,

which FTP-Server do you use?
Every FTP-Server has a config file, here you can filter every user.

CU
lowbyte

Or if it's a particular IP address, drop it in hosts.deny

We are using Redhat Linux.

When I use the "last command" the attacking server's ID shows as "can59-4-82-240-1". Can this be used as the IP address in the hosts.deny file.
For example would this work?
ALL : can59-4-82-240-1

That looks truncated. Do you know the full domain name for that?

Many ISPs have a convention to put the IP address in the host name for dynamic (dial-up or home ADSL) users. By that convention, it would look like the IP address for this host would be 59.4.82.240, or possibly 4.82.240.1 (or maybe even 1.240.82.4 or 240.82.4.59; but those are not valid / allocated anyway).

Sometimes the reverse DNS is missing, and in that case, using the host name won't work. The DNS lookup will take time anyway, so using the bare IP address is probably more efficient.

If this is a dynamic user, they could come up at a different IP address the next time they reconnect to their ISP.

Have you tried contacting the attacker's ISP, by the by?

whois -h whois.arin.net 59.4.82.240 suggests this is in Korea, but if that's the wrong IP address, that's of course just a red herring. 4.82.240.1 belongs to Level 3 / Genuity.