Re: Attempted Theft of Services via FTP


Subject: Re: Attempted Theft of Services via FTP
From: Patrick Callahan (pac1@tiac.net)
Date: Fri Mar 01 2002 - 04:26:40 MST


On Fri, 1 Mar 2002 06:23:34 -0500
Patrick Callahan <pac1@tiac.net> wrote:

> I've just started running proftp so I can move files around my internal network.
> I'm connected to the internet by modem, and /var/log/secure contains a few entries like this.
>
> Probably harmless because they weren't able to give a valid username and password. (anonymous logins are deliberately disabled)
>
> Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
> [root@localhost src]# ping 24.90.163.104
>

The ping was me trying to see if the user was still connected a day later. They weren't.

The /var/log/secure entry was just:

 Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
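
Added example, not part of the original message: a small Python tally of proftpd "Login failed" entries in the line shape quoted above, grouped by source address and marking sources that only tried the anonymous account names. Every sample line except the first is constructed (documentation addresses), and the `ANON_NAMES` set and the optional remote host name before the bracketed address are assumptions.

```python
import re

# Line shape taken from the /var/log/secure entry quoted in the message.
# Assumption: some builds log "(remote.host[ip])" instead of "([ip])".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ proftpd\[\d+\]: "
    r"\S+ \([^\[\]()]*\[(?P<ip>[0-9A-Fa-f.:]+)\]\) - "
    r"USER (?P<user>\S+) \(Login failed\): (?P<reason>.+?)\.?\s*$"
)

# Assumption: account names treated as anonymous-login probes.
ANON_NAMES = {"ftp", "anonymous"}

# First line is the entry from the message; the rest are constructed.
SAMPLE = """\
Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
Feb 28 09:10:02 localhost proftpd[22140]: localhost.localdomain ([192.0.2.17]) - USER admin (Login failed): Incorrect password.
Feb 28 09:10:05 localhost proftpd[22140]: localhost.localdomain ([192.0.2.17]) - USER root (Login failed): Incorrect password.
Feb 28 09:12:40 localhost proftpd[22140]: localhost.localdomain ([192.0.2.17]) - FTP session closed.
Mar  1 03:15:09 localhost crond[311]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_failures(lines):
    """Yield one dict per failed FTP login; other log lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def summarize(lines):
    """Group failed logins by source IP, in log order."""
    out = {}
    for rec in parse_failures(lines):
        s = out.setdefault(rec["ip"], {"attempts": 0, "users": set(),
                                       "reasons": set(), "first": rec["ts"]})
        s["attempts"] += 1
        s["users"].add(rec["user"])
        s["reasons"].add(rec["reason"])
        s["last"] = rec["ts"]
    for s in out.values():
        # True when the source only ever tried anonymous account names.
        s["anonymous_only"] = s["users"] <= ANON_NAMES
    return out


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE.splitlines()).items():
        kind = "anonymous probe" if s["anonymous_only"] else "named accounts"
        print(f"{ip}: {s['attempts']} failed ({kind}) users={sorted(s['users'])}")
```
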


