[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Is someone getting in on my FTP?
- Subject: Re: [cobalt-security] Is someone getting in on my FTP?
- From: Jay Summers <jay@xxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 27 Jun 2002 11:47:08 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> I just installed logcheck, and my paranoia is excessive.
>
> Jun 27 17:26:24 ns proftpd[24660]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session opened.
> Jun 27 17:26:24 ns proftpd[24661]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session opened.
> Jun 27 17:26:25 ns proftpd[24660]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.
> Jun 27 17:27:52 ns proftpd[24661]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.
It's some cl0wn scanning your ftp server. Typically they're looking for an
anonymous ftp server to load up with warez. There are whole net blocks that
I've blocked with tcp-wrappers to cut down on this stuff.
HTH,
j
--
http://www.bizmanuals.com