Mailinglist Archive: opensuse-security (471 mails)

["OKDesign oHG Security Webmaster" <security@xxxxxxxxxxx>]

> -----Ursprüngliche Nachricht-----
> Von: Stefan Suurmeijer [mailto:stefan@xxxxxxxxxxxx]
>
> Hi Peter,
>
> Hmmm, if you don't suppress version information on your ftp server, some
> script kiddie may have seen that you are using a vulnerable ftp server,
> and may now be trying to break in with different exploit scipts.
> There isn't much I can tell you about the pings. He may just be probing to
> see if your server is up, since his connects to your ftp server are
> suddenly failing. But it could be something else altogether.

Hello list,

IMHO this is something being done very often recently.
I have the same entries in my logs since about 4 weeks. As our server is
serving 50 IPs at the moment, I therefoe have 50 entries. Seems as if
someone or some ppl scan the net IP after IP for vulnerable ftp-servers. As
these scans origin from around the whole world it seems as if these ppl are
faking their destination-IPs.
As wuftpd (which I run at the moment)is known as vulnerable I consider
changing to proftpd.
Is it totally different from wuftpd in configuration and usage ?
Is it really more secure than wuftd ?
Is it possible with proftpd to have secure anonymous ftp, chroot for users,
and so on ?

TIA

--- Stephan