OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: AW: [suse-security] strange ftp-scan
From: OKDesign oHG Security Webmaster (securityokdesign.de)
Date: Sat Oct 07 2000 - 15:25:24 CDT

> -----Ursprüngliche Nachricht-----
> Von: Stefan Suurmeijer [mailto:stefansymbolica.nl]
>
> Hi Peter,
>
> Hmmm, if you don't suppress version information on your ftp server, some
> script kiddie may have seen that you are using a vulnerable ftp server,
> and may now be trying to break in with different exploit scipts.
> There isn't much I can tell you about the pings. He may just be probing to
> see if your server is up, since his connects to your ftp server are
> suddenly failing. But it could be something else altogether.

Hello list,

IMHO this is something being done very often recently.
I have the same entries in my logs since about 4 weeks. As our server is
serving 50 IPs at the moment, I therefoe have 50 entries. Seems as if
someone or some ppl scan the net IP after IP for vulnerable ftp-servers. As
these scans origin from around the whole world it seems as if these ppl are
faking their destination-IPs.
As wuftpd (which I run at the moment)is known as vulnerable I consider
changing to proftpd.
Is it totally different from wuftpd in configuration and usage ?
Is it really more secure than wuftd ?
Is it possible with proftpd to have secure anonymous ftp, chroot for users,
and so on ?

TIA

--- Stephan

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com