[cobalt-security] Is this coincidence or what - FTP Scans

Tue, 16 Oct 2001 16:50:36 -0700 

Hi Yah,

This is a snip from one of the logcheck reports I received this morning
xxxxxxxxxx being the IP's on our server. Is it just a coincidence that the
syslogd was activated before and after attempts to access the server via
FTP?

Security Violations
=-=-=-=-=-=-=-=-=-=
Oct 16 04:40:59 ns proftpd[3305]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous (Login failed):
Can't find user.
Oct 16 04:40:59 ns proftpd[3308]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous (Login failed):
Can't find user.
Oct 16 04:41:03 ns proftpd[3309]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous (Login failed):
Can't find user.
Oct 16 04:41:03 ns proftpd[3315]:xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous (Login failed):
Can't find user.

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Oct 16 04:40:08 ns syslogd 1.3-3: restart.
Oct 16 04:40:59 ns proftpd[3305]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous (Login failed):
Can't find user.
Oct 16 04:40:59 ns proftpd[3308]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous (Login failed):
Can't find user.
Oct 16 04:40:59 ns proftpd[3305]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - FTP session closed.
Oct 16 04:41:03 ns proftpd[3308]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - FTP session closed.
Oct 16 04:41:03 ns proftpd[3309]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous (Login failed):
Can't find user.
Oct 16 04:41:03 ns proftpd[3315]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous (Login failed):
Can't find user.
Oct 16 04:41:04 ns proftpd[3309]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - FTP session closed.
Oct 16 04:41:04 ns proftpd[3315]: xxxxxxxxxx
(pD9526130.dip.t-dialin.net[217.82.97.48]) - FTP session closed.
Oct 16 04:41:29 ns syslogd 1.3-3: restart.

Regards from Auckland

Chae

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security

Reply via email to