Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
Re: [suse-security] Portsentry and logcheck
  • From: "S.T.Ryder" <stryder@xxxxxxxxxxxxx>
  • Date: Mon, 17 Jul 2000 20:06:01 -0400 (EDT)
  • Message-id: <Pine.LNX.4.21.0007171928170.19956-100000@xxxxxxxxxxxxxxxxxx>


On Mon, 17 Jul 2000, Rupert Kittinger wrote:

>
> PS: I am getting lots of probes for anonymous ftp lately, about twice a
> week.
>

I am too. From the log...

July 4 11:43:05 baby wu.ftpd[9390]: connect from root@xxxxxxxxxxxxxx
July 4 11:43:06 baby ftpd[9390]: FTP session closed
Jul 11 04:51:29 baby wu.ftpd[32405]: connect from cdsl221.eugn.uswest.net
Jul 11 04:51:30 baby ftpd[32405]: FTP session closed
Jul 11 10:29:23 baby wu.ftpd[651] connect from
1Cust187.tnt1.denver.co.uu.net
Jul 11 10:29:29 baby ftpd[651]: FTP session closed
Jul 13 00:00:53 baby wu.ftpd[5783]: connect from root@xxxxxxxxxxxx
Jul 13 00:00:56 baby ftpd[5783]: FTP session closed

I look for the attempted connects from root@xxxxxxxxxxxxxxx that
only last a second or so. They look like probes, although noisy.
They are not all from the same IP either. I keep track of the IP's..
just in case.. mostly I ignore them.

Regards,


< Previous Next >
References