[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Should I be worried?
- Subject: [cobalt-security] Should I be worried?
- From: johan@xxxxxxxxxx
- Date: Tue, 26 Jun 2001 12:20:39 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi there,
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Jun 25 11:56:21 ns proftpd[14227]: 212.67.197.38
> (212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
> Jun 25 11:56:22 ns proftpd[14228]: ns.achieve-it.com
> (212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
I get these every now and again (in /var/log/messages), but it appears to be
harmless(?):
Jun 25 16:44:34 www proftpd[1221]: 216.xx.xx.xx
(cr343120-a.slnt1.on.wave.home.com[24.114.67.151]) - USER anonymous (Login
failed): Can't find user.
Jun 25 16:44:35 www proftpd[1221]: 216.xx.xx.xx
(cr343120-a.slnt1.on.wave.home.com[24.114.67.151]) - FTP session closed.
And this is from /var/log/secure:
Jun 25 16:44:34 www in.proftpd[1221]: connect from 24.114.67.151
Here is a list of IP's that tried to gain access during the last week:
- (213-193-168-86.adsl.easynet.be[213.193.168.86])
- (cr343120-a.slnt1.on.wave.home.com[24.114.67.151])
- (p3EE2471D.dip.t-dialin.net[62.226.71.29])
- (a194-109-224-201.adsl.xs4all.nl[194.109.224.201])
- (ABayonne-101-1-2-41.abo.wanadoo.fr[217.128.82.41])
- (61.76.195.24[61.76.195.24])
- (cx337781-a.alsv1.occa.home.com[24.15.142.186])
- (u011.d017166210.ctt.ne.jp[210.166.17.11])
Where do these people find our servers? From the Cobalt lists, or perhaps by
trying address blocks assigned to well-known RaQ ISP's?
Rgrds,
Johan
---------------------------------------------
This message was sent using M-Web Airmail.
http://airmail.mweb.co.za/