[cobalt-security] FTP Probing/scanning - Question
- Subject: [cobalt-security] FTP Probing/scanning - Question
- From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
- Date: Thu, 30 Aug 2001 15:48:39 +1200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi all,
Can anyone recommend a bullet proof way to stop this sort of probing on one
of our RaQ3s? The xxx.xxx.xxx.xxx denotes a range of IPs that we have on the
server.
This started two days ago and now looks like it's becoming a regular event
:< I've noticed recently a lot of comments about portsentry etcetera; would
this prevent or give me earlier warning? Logs are manually checked twice a
day. We have not long taken over the lease on this box - have had sendmail
relaying spamming issues in the past and a customer using a shell connection
to relay spam through other servers. These other two issues have been
resolved now.
I'm more a Windows man though quickly coming to terms with Cobalt
RaQs/Linux
Aug 28 15:13:48 ns PAM_pwdb[25690]: check pass; user unknown
Aug 28 16:28:48 ns proftpd[32205]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:28:48 ns proftpd[32206]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:28:48 ns proftpd[32208]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:28:48 ns proftpd[32207]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:28:48 ns proftpd[32205]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 28 16:28:48 ns proftpd[32206]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 28 16:28:48 ns proftpd[32208]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 28 16:28:49 ns proftpd[32207]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 28 16:36:15 ns proftpd[32537]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:36:16 ns proftpd[32538]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:36:17 ns proftpd[32538]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 28 16:36:19 ns proftpd[32535]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:36:19 ns proftpd[32536]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:36:20 ns proftpd[32535]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 28 16:36:20 ns proftpd[32536]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 28 16:36:21 ns proftpd[32537]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 29 02:06:32 ns proftpd[24635]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 29 02:06:33 ns proftpd[24635]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 29 02:06:36 ns proftpd[24636]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - USER anonymous (Login failed): Can't find user.
Aug 29 02:06:37 ns proftpd[24636]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 29 02:06:41 ns proftpd[24637]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Aug 29 02:06:41 ns proftpd[24638]: xxx.xxx.xxx.xxx (pD9034B56.dip.t-dialin.net[217.3.75.86]) - FTP session closed.
Thanks in advance
Chae
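
Added example, not part of the original post: one way to get earlier warning than a twice-daily manual log check is to tally failed proftpd logins per remote address in the syslog layout quoted above and flag bursts. The sample log, the threshold of 3 failures, the 60-second window and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the proftpd syslog layout quoted above; the first entry is
# mail-wrapped over three lines. Addresses are documentation ranges, not from the post.
SAMPLE = """\
Aug 28 16:28:48 ns proftpd[32205]: 192.0.2.10
(scanner.example.net[203.0.113.7]) - USER anonymous (Login failed):
Can't find user.
Aug 28 16:28:48 ns proftpd[32206]: 192.0.2.10 (scanner.example.net[203.0.113.7]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:28:49 ns proftpd[32207]: 192.0.2.10 (scanner.example.net[203.0.113.7]) - USER anonymous (Login failed): Can't find user.
Aug 28 16:28:49 ns proftpd[32207]: 192.0.2.10 (scanner.example.net[203.0.113.7]) - FTP session closed.
Aug 28 18:02:10 ns proftpd[40100]: 192.0.2.10 (client.example.org[198.51.100.23]) - USER bob (Login failed): Incorrect password.
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
FAILED = re.compile(r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ proftpd\[\d+\]: \S+ "
                    r"\(\S*\[(?P<ip>[\d.]+)\]\) - USER \S+ \(Login failed\)")

def unwrap(text):
    """Rejoin entries: a line without a leading syslog timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def burst_sources(text, threshold=3, window=timedelta(seconds=60), year=2001):
    """Return {ip: peak count} for sources with >= threshold failed logins inside one window."""
    recent, flagged = defaultdict(deque), {}
    for entry in unwrap(text):  # assumes the log is in chronological order
        m = FAILED.match(entry)
        if not m:
            continue
        # syslog omits the year, so it is supplied as an assumption
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    print(burst_sources(SAMPLE))
```

Run from cron against the system log, the flagged addresses can be mailed to the administrator or reviewed before deciding on a firewall rule.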