OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] strange ftp-scan
From: Stefan Suurmeijer (stefansymbolica.nl)
Date: Sat Oct 07 2000 - 12:32:32 CDT

Hi Peter,

On Sat, 7 Oct 2000, Peter Münster wrote:

 
> However, thank you all, for the hints to better ftp-daemons!
>
> But there is still the same question: what could be the sense in doing a
> ftp-connection very 5 minutes and also ICMP echo requests (pings).
> There is no more process listening on port 21 (no more ftp in inetd.conf)
> but there are still the same attempts:
>

Hmmm, if you don't suppress version information on your ftp server, some
script kiddie may have seen that you are using a vulnerable ftp server,
and may now be trying to break in with different exploit scipts.
There isn't much I can tell you about the pings. He may just be probing to
see if your server is up, since his connects to your ftp server are
suddenly failing. But it could be something else altogether.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com