OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Statu Nascendi (statu_nascendi_at_redmail.ro)
Date: Fri Oct 04 2002 - 16:51:07 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ftp scans are just common.
    just look in /var/log/daemon.log for ftp sessions -> opened,closed pairs or
    log the connections.

    Statu Nascendi,
    Master of Disaster

    ----- Original Message -----
    From: "Ted Parvu" <tedparvu.net>
    To: "Glen Tapley" <scorpioinfocent.com.au>
    Cc: <debian-securitylists.debian.org>
    Sent: Friday, October 04, 2002 9:08 PM
    Subject: Re: Report on last cmd

    > Not sure that your sendmail problem is related to this issue but...
    >
    > It looks like you have an anonymous ftp account enabled on your machine.
    > Considering that these IPs are logging in for less than one minute I
    > would venture to guess that "they" are scanning IPs looking for
    > anonymous ftp accounts that "they" can go back to later and use in
    > whatever way "they" want to.
    >
    > If you do not require outside anon ftp access I would suggest you block
    > the ftp port along with all the other ports that do not require outside
    > access.
    >
    > Also, if you are not in need of anon ftp, disable it.
    >
    > If you don't need ftp at all, disable the ftpd demon.
    >
    > I have noted that it is pretty common to see this sort of activity on a
    > system with anon ftp enabled.
    >
    > have fun,
    >
    > Ted
    >
    > On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote:
    > > Hello
    > >
    > > I have been having a lot of trouble with my sendmail setup, someone is
    using my system. I have found that when I run the last cmd, I find a lot of
    strange entries such as
    > >
    > > ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00)
    > > ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00)
    > > ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00)
    > > ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00)
    > >
    > > Can anyone tell me what these are, are they the result of programs
    accessing my TCP/IP addresses?
    > >
    > > Tx in advance.
    > >
    > > glt
    > >
    >
    > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    -=-=-
    > WAR IS GOOD
    > FREEDOM IS SLAVERY
    > IGNORANCE IS STRENGTH
    >
    >
    > --
    > To UNSUBSCRIBE, email to debian-security-requestlists.debian.org
    > with a subject of "unsubscribe". Trouble? Contact
    listmasterlists.debian.org
    > 

    -- 
To UNSUBSCRIBE, email to debian-security-requestlists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmasterlists.debian.org