[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Is someone getting in on my FTP?

Subject: Re: [cobalt-security] Is someone getting in on my FTP?
From: Jay Summers <jay@xxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Jun 2002 11:47:08 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> I just installed logcheck, and my paranoia is excessive.
> 
> Jun 27 17:26:24 ns proftpd[24660]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session opened.
> Jun 27 17:26:24 ns proftpd[24661]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session opened.
> Jun 27 17:26:25 ns proftpd[24660]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.
> Jun 27 17:27:52 ns proftpd[24661]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.

It's some cl0wn scanning your ftp server. Typically they're looking for an
anonymous ftp server to load up with warez. There are whole net blocks that
I've blocked with tcp-wrappers to cut down on this stuff.

HTH,
j
-- 
http://www.bizmanuals.com

Follow-Ups:
- Re: [cobalt-security] Is someone getting in on my FTP?
  - From: alan macdonald

References:
- [cobalt-security] Is someone getting in on my FTP?
  - From: Alan MacDonald

Prev by Date: Re: [cobalt-security] RaQ3-RaQ4-OpenSSH-3.4p1-1.pkg
Next by Date: Re: [cobalt-security] Is someone getting in on my FTP?
Previous by thread: [cobalt-security] Is someone getting in on my FTP?
Next by thread: Re: [cobalt-security] Is someone getting in on my FTP?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index