-----Ursprüngliche Nachricht----- Von: Stefan Suurmeijer [mailto:stefan@symbolica.nl]
Hi Peter,
Hmmm, if you don't suppress version information on your ftp server, some script kiddie may have seen that you are using a vulnerable ftp server, and may now be trying to break in with different exploit scipts. There isn't much I can tell you about the pings. He may just be probing to see if your server is up, since his connects to your ftp server are suddenly failing. But it could be something else altogether.
Hello list, IMHO this is something being done very often recently. I have the same entries in my logs since about 4 weeks. As our server is serving 50 IPs at the moment, I therefoe have 50 entries. Seems as if someone or some ppl scan the net IP after IP for vulnerable ftp-servers. As these scans origin from around the whole world it seems as if these ppl are faking their destination-IPs. As wuftpd (which I run at the moment)is known as vulnerable I consider changing to proftpd. Is it totally different from wuftpd in configuration and usage ? Is it really more secure than wuftd ? Is it possible with proftpd to have secure anonymous ftp, chroot for users, and so on ? TIA --- Stephan