[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Is this coincidence or what - FTP Scans
- Subject: RE: [cobalt-security] Is this coincidence or what - FTP Scans
- From: "Simon Wilson" <simon@xxxxxxxxxxxxx>
- Date: Wed, 17 Oct 2001 10:31:54 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Dear All
RE: my other post complaining about the same old faces attempting ftp log
ins and scans, I just went through last nights logchecks and look who's on
it.
Oct 17 00:23:06 ns1 proftpd[3527]: xxx.xx.xx.xxx
(AOrleans-101-1-3-198.abo.wanadoo.fr[217.128.165.198]) - FTP session opened.
Oct 17 00:23:06 ns1 proftpd[3527]: xxx.xx.xx.xxx
(AOrleans-101-1-3-198.abo.wanadoo.fr[217.128.165.198]) - no such user
'anonymous'
Oct 17 01:56:28 ns1 portsentry[1054]: attackalert: SYN/Normal scan from
host: user-v3qth40.biz.mindspring.com/199.174.196.128 to TCP port: 111
Surprise surprise, wanadoo and mindspring by the end of the day what's the
betting some creep from dip.t-dialin.net will join them.
Simon
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Gerald Waugh
Sent: 15 October 2001 05:52
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] Is this coincidence or what - FTP Scans
> I get hit from wanadoo as well. When the logs say FTP session opened and
> then closed right after it, are they making a connection in? I have
> annonymous FTP turn off...
>
No, they just connect then disconnect without attempting to log in.
I get them, dip.t-dialin.net and alot of mindspring all the time also.
Gerald
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security