![](https://seccdn.libravatar.org/avatar/9ea1cabc7fae4e5f0c0daddea9fc2c12.jpg?s=120&d=mm&r=g)
I am receiving scanlogd messages from ftp.gwdg.de there is a wget ftp download scrip there is running yet this is the first time I am getting messages like this the downloading machine is masquared should the inner ip be as my real ip. Can someone give a guidance what to check for TIA -- Togan Muftuoglu Unusual System Events =-=-=-=-=-=-=-=-=-=-= May 16 15:41:34 gardiyan scanlogd: 134.76.11.100:20 to 192.168.1.3 ports 2549, 2550, 2551, 2552, 2553, 2554, 2555, ..., ??r??uxy, TOS 08, TTL 41 @15:40:50 May 16 15:52:11 gardiyan scanlogd: 134.76.11.100:20 to 192.168.1.3 ports 2715, 2716, 2717, 2718, 2719, 2720, 2721, ..., ??r??uxy, TOS 08, TTL 41 @15:51:26 May 16 15:53:12 gardiyan scanlogd: 134.76.11.100:20 to 192.168.1.3 ports 2744, 2745, 2746, 2747, 2748, 2749, 2750, ..., ??r??uxy, TOS 08, TTL 41 @15:52:28 May 16 15:59:00 gardiyan /USR/SBIN/CRON[10460]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) ----- End forwarded message ----- -- Togan Muftuoglu
![](https://seccdn.libravatar.org/avatar/edc47c145813667538fa627e7c053477.jpg?s=120&d=mm&r=g)
I am receiving scanlogd messages from ftp.gwdg.de there is a wget ftp download scrip there is running yet this is the first time I am getting messages like this the downloading machine is masquared should the inner ip be as my real ip.
Can someone give a guidance what to check for
TIA
Everything is fine. The ftp server opens tcp connections in PORT mode to
your client. scanlogd interprets these as a scan.
We're getting these kinds of complaints every few days. Good luck that
more and more ftp clients use PASV mode as default transfer mode. There,
the client opens a data connection to the server, not the other way
around.
Roman.
--
- -
| Roman Drahtmüller
![](https://seccdn.libravatar.org/avatar/9ea1cabc7fae4e5f0c0daddea9fc2c12.jpg?s=120&d=mm&r=g)
* Roman Drahtmueller
Everything is fine. The ftp server opens tcp connections in PORT mode to your client. scanlogd interprets these as a scan.
Thanks for the prompt relief info so I can continue getting my updates for SuSE ;-) -- Togan Muftuoglu
participants (2)
-
Roman Drahtmueller
-
Togan Muftuoglu