OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] strange ftp-scan
From: Kurt Seifried (listuserseifried.org)
Date: Sat Oct 07 2000 - 04:28:14 CDT

> Hello,
> today I got about 50 messages like the following in /var/log/messages:
> Oct 7 10:11:51 gmv wu.ftpd[14694]: connect from 211.56.234.227
> Oct 7 10:11:51 gmv ftpd[14694]: FTP session closed
> ... and it's still going on!
> What could be the deeper meaning, when someone it making connections the
> whole day long?
> Any hint is appreciated!
> Peter

WuFTPD has more security holes then a .... well actually it's in my top 10
for "most insecure software ever written and maintained". There are
_several_ root hacks for it in this year alone. I wouldn't use WuFTPD if
someone had a gun to my head.

> P.S.: I'm running wu-2.4.2-academ[BETA-18](1)

Then it's time to shutdown the box, look for signs of intrusion and probably
do a clean install. WuFTPD 2.6.1 is the latest, all previous versions have a
variety of nasty security problems (like granting remote root access to
attackers).

ProFTPD. It's much better. http://www.proftpd.net/

> --
> Peter Münster

Kurt Seifried - seifriedsecurityportal.com
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com