
Re: [cobalt-security] Should I be worried?



Every once in a while I get these FTP session opened notices from Logcheck
by someone other than a customer but I was told by another administrator not to
worry because the person can open a session but can't enter unless they have
a valid password.  I take it that this isn't correct? If it isn't, can
someone tell me where I can find more info about how to close this?  Thanks!

Jun 14 06:58:35 www proftpd[166]: www.****.com
(ppp-114.dialup-152.worldonline.fr[212.83.152.114]) - FTP session opened.


----- Original Message -----
From: Kai Schantz, Euroweb <kai@xxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, June 25, 2001 9:35 AM
Subject: SV: [cobalt-security] Should I be worried?


> Yes, you should be worried, if you had seen my question about mystery zone
> transfers from my Cobalt to a Belgian IP. This should not have been possible
> because I have defined who can get name transfers (only my other servers).
> And why would a Belgian server want our Norwegian zones?
>
> The worst part for me and you is that, as you can see (in my zone
> transfers), your FTP comes from the same IP as my zone transfers. I think we
> are dealing here with someone who has a successful hack recipe on Cobalt
> RaQ4!! And is attacking world-wide.
>
> Kai Schantz
> euroweb as
> Norway
>
>
>  Jun 20 14:51:15 www named[555]: approved AXFR from
>  [212.68.195.60].2356 for
>  "cats.no"
>  Jun 20 14:51:15 www named[555]: zone transfer (AXFR) of "cats.no" (IN) to
>  [212.68.195.60].2356
>
>
>
>
> Hello,
> I have installed IPChains, Portsentry, Logcheck on my Raq 4 server. I am no
> genius when it comes to security! Today I received the following with
> Logcheck. I have no customers etc. in Belgium (be)!
> Thanks,
> Declan.
>
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Jun 25 11:56:21 ns proftpd[14227]: 212.67.197.38
> (212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
> Jun 25 11:56:22 ns proftpd[14228]: ns.achieve-it.com
> (212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
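
Added example, not part of any poster's message: one way to check the correlation raised in this thread, that one source address appears in both the proftpd and named logs. It assumes the logs of the affected servers are merged into one stream; the sample lines are the ones quoted above, unwrapped, and the allow-list address 192.0.2.53 is a constructed placeholder for a legitimate secondary name server.

```python
import re
from collections import defaultdict

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# One pattern per event type; each captures the remote address in group 1.
PATTERNS = {
    "ftp_open": re.compile(r"proftpd\[\d+\]: \S+ \(\S*\[" + IP + r"\]\) - FTP session opened"),
    "axfr": re.compile(r'named\[\d+\]: approved AXFR from \[' + IP + r'\]\.\d+ for "[^"]+"'),
}

# Log lines quoted in the thread, unwrapped and merged (merging is an assumption).
SAMPLE_LOG = """\
Jun 14 06:58:35 www proftpd[166]: www.****.com (ppp-114.dialup-152.worldonline.fr[212.83.152.114]) - FTP session opened.
Jun 20 14:51:15 www named[555]: approved AXFR from [212.68.195.60].2356 for "cats.no"
Jun 20 14:51:15 www named[555]: zone transfer (AXFR) of "cats.no" (IN) to [212.68.195.60].2356
Jun 25 11:56:21 ns proftpd[14227]: 212.67.197.38 (212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
Jun 25 11:56:22 ns proftpd[14228]: ns.achieve-it.com (212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
"""

def events_by_ip(lines):
    """Count FTP session opens and approved zone transfers per remote address."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                seen[match.group(1)][name] += 1
    return {ip: dict(events) for ip, events in seen.items()}

def flag(lines, axfr_allow=frozenset()):
    """Return {ip: [reasons]} for addresses that deserve a closer look."""
    findings = {}
    for ip, events in events_by_ip(lines).items():
        reasons = []
        if "axfr" in events and ip not in axfr_allow:
            reasons.append("zone transfer from host not in allow list")
        if len(events) > 1:
            reasons.append("same source seen on FTP and DNS")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    # 192.0.2.53 stands in for a real secondary name server (placeholder).
    report = flag(SAMPLE_LOG.splitlines(), axfr_allow={"192.0.2.53"})
    for ip, reasons in report.items():
        print(ip, "->", "; ".join(reasons))
```

An address with a single FTP session open and nothing else is not flagged; only a zone transfer to an unlisted host or activity on both services is reported.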