-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The proftpd messages are just Cobalts swatch program checking to see if
every that is suppose to be running is. As for port 137, that's Windows
broadcasting crap to anything that will listen. If you have a lot of
Windows boxes on your subnet you'll see that often.
On Sat, 21 Apr 2001, Terrance Dwyer wrote:
> Just started seeing lot's of these entries in syslog:
>
> Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) -
> no
> such user 'anonymous'
> Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) -
> no
> such user 'anonymous'
> Apr 20 23:15:01 www proftpd[5807]: www.xxx-xxxx.com (localhost[127.0.0.1]) -
> FTP
> session closed.
>
> Any idea what might be doing this?
>
> Also, PortSentry reports lots of Port 137 scans?
>
> Any ideas greatly appreciated.
>
> TD
> [EMAIL PROTECTED]
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
- --
Marc Soda
ASPRE, Inc.
[EMAIL PROTECTED]
http://www.aspre.net/
Managed e-Business Application Services
- ---------------------------------
t. 215.957.2266 Ext. 2144
f. 215.957.2277
c.215.840.1633
113 Rock Road
Horsham, PA 19044
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE64chV8/oGPCGMSEgRAmMQAJ4k0Kw30JzE4vAxRb33CZhFykmH9wCg+PQu
m257uxOeF/PzBCZUmMBv9tU=
=lLgO
-----END PGP SIGNATURE-----
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
