Subject: Re: Attempted Theft of Services via FTP
From: Patrick Callahan (pac1@tiac.net)
Date: Fri Mar 01 2002 - 04:26:40 MST
On Fri, 1 Mar 2002 06:23:34 -0500
Patrick Callahan <pac1@tiac.net> wrote:
> I've just started running proftp so I can move files around my internal network.
> I'm connected to the internet by modem, and /var/log/secure contains a few entries like this.
>
> Probably harmless because they weren't able to give a valid username and password. (Anonymous logins are deliberately disabled.)
>
> Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
> [root@localhost src]# ping 24.90.163.104
>
The ping was me trying to see if the user was still connected a day later. They weren't.
The /var/log/secure entry was just:
Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
This archive was generated by hypermail 2a24 : Fri Mar 01 2002 - 04:40:57 MST
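
Added example, not part of the original post: a small Python triage script for the proftpd "Login failed" format quoted above, grouping failures by source address and flagging attempts that used the anonymous-access usernames. The function names are hypothetical, and every sample line except the first (taken from the post) is constructed.

```python
import re
from collections import defaultdict

# Matches the proftpd failed-login format shown in the post's /var/log/secure entry.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sproftpd\[(?P<pid>\d+)\]:\s\S+\s"
    r"\(\[(?P<ip>[\d.]+)\]\)\s-\sUSER\s(?P<user>\S+)\s"
    r"\(Login failed\):\s(?P<reason>.+)$"
)

# Usernames an FTP client sends when asking for anonymous access.
ANON_USERS = {"ftp", "anonymous"}


def parse_failed_login(line):
    """Return the fields of a proftpd 'Login failed' line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(lines):
    """Group failed logins by source IP: attempts, usernames tried, anonymous flag."""
    summary = defaultdict(
        lambda: {"attempts": 0, "users": set(), "anonymous_probe": False}
    )
    for line in lines:
        rec = parse_failed_login(line)
        if rec is None:
            continue  # not a failed-login entry
        entry = summary[rec["ip"]]
        entry["attempts"] += 1
        entry["users"].add(rec["user"])
        if rec["user"].lower() in ANON_USERS:
            entry["anonymous_probe"] = True
    return dict(summary)


SAMPLE = [
    # Entry quoted in the post.
    "Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.",
    # Constructed lines in the same format (192.0.2.0/24 is a documentation range).
    "Feb 28 09:10:02 localhost proftpd[22140]: localhost.localdomain ([192.0.2.10]) - USER anonymous (Login failed): Invalid shell.",
    "Feb 28 09:10:05 localhost proftpd[22140]: localhost.localdomain ([192.0.2.10]) - USER admin (Login failed): Incorrect password.",
    "Feb 28 09:11:00 localhost proftpd[22141]: localhost.localdomain ([192.0.2.10]) - FTP session closed.",
]

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info["attempts"], sorted(info["users"]), info["anonymous_probe"])
```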