
Re: [cobalt-security] (no subject)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The proftpd messages are just Cobalt's swatch program checking to see if
everything that is supposed to be running is.  As for port 137, that's Windows
broadcasting crap to anything that will listen.  If you have a lot of
Windows boxes on your subnet you'll see that often.


On Sat, 21 Apr 2001, Terrance Dwyer wrote:

> Just started seeing lots of these entries in syslog:
>
> Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) - no such user 'anonymous'
> Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) - no such user 'anonymous'
> Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) - FTP session closed.
>
> Any idea what might be doing this?
>
> Also, PortSentry reports lots of Port 137 scans?
>
> Any ideas greatly appreciated.
>
> TD
> td@xxxxxxxx
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

- -- 

Marc Soda
ASPRE, Inc.
marc@xxxxxxxxx
http://www.aspre.net/

Managed e-Business Application Services
- ---------------------------------
t. 215.957.2266 Ext. 2144
f. 215.957.2277
c.215.840.1633

113 Rock Road
Horsham, PA 19044

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE64chV8/oGPCGMSEgRAmMQAJ4k0Kw30JzE4vAxRb33CZhFykmH9wCg+PQu
m257uxOeF/PzBCZUmMBv9tU=
=lLgO
-----END PGP SIGNATURE-----
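
Added example, not part of the original thread: a small triage script for proftpd syslog lines in the format quoted above, separating "no such user" events that come from the loopback address (a process on the server itself, as the reply describes) from ones that come from other hosts. The `triage` function, the sample lines and the 203.0.113.x addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# proftpd syslog line as quoted in the thread:
#   <timestamp> <host> proftpd[<pid>]: <vhost> (<client name>[<client ip>]) - <message>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sproftpd\[\d+\]:\s\S+\s"
    r"\((?P<name>[^\[\]]*)\[(?P<ip>[^\]]+)\]\)\s-\s(?P<msg>.*)$"
)
NO_USER_RE = re.compile(r"no such user '(?P<user>[^']*)'")


def triage(lines):
    """Count 'no such user' events per (origin, client ip, user).

    origin is 'local' for loopback clients (something running on the box
    itself, such as a service monitor) and 'remote' for everything else.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a proftpd line in this format
        failed = NO_USER_RE.search(m["msg"])
        if not failed:
            continue  # e.g. "FTP session closed."
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field
        origin = "local" if ip.is_loopback else "remote"
        counts[(origin, str(ip), failed["user"])] += 1
    return counts


# Constructed sample: the first three lines follow the thread's log; the last
# two are invented remote entries (203.0.113.0/24 is documentation space).
SAMPLE = [
    "Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) - no such user 'anonymous'",
    "Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) - no such user 'anonymous'",
    "Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) - FTP session closed.",
    "Apr 20 23:17:42 www proftpd[5811]: www.xxx-xxxx.com (host.example[203.0.113.7]) - no such user 'anonymous'",
    "Apr 20 23:17:44 www proftpd[5811]: www.xxx-xxxx.com (host.example[203.0.113.7]) - no such user 'admin'",
]

if __name__ == "__main__":
    for (origin, ip, user), n in sorted(triage(SAMPLE).items()):
        print(f"{origin:6} {ip:15} user={user!r:12} count={n}")
```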