![](https://seccdn.libravatar.org/avatar/bbb8bbe88d3c0ebe19dc932cfa0b693c.jpg?s=120&d=mm&r=g)
However, thank you all, for the hints to better ftp-daemons!
But there is still the same question: what could be the sense in doing a ftp-connection very 5 minutes and also ICMP echo requests (pings). There is no more process listening on port 21 (no more ftp in inetd.conf) but there are still the same attempts:
Hmmm, if you don't suppress version information on your ftp server, some script kiddie may have seen that you are using a vulnerable ftp server, and may now be trying to break in with different exploit scipts. There isn't much I can tell you about the pings. He may just be probing to see if your server is up, since his connects to your ftp server are suddenly failing. But it could be something else altogether.
That is so utterly stupid. Most script kiddie attacks I have seen don't even bother to be subtle at all, they just use the shotgun approach, taking an exploit and pointing it at machines until they get in. Hiding version info is pretty damn useless.
Stefan
Kurt Seifried - seifried@securityportal.com SecurityPortal, your focal point for security on the net http://www.securityportal.com/