proftpd[26249]: xxx.xx.xx.x(ALille-201-2-2-141.abo.wanadoo.fr[193.252.194.141]) - FTP session opened.
proftpd[26249]: xxx.xx.xx.x(ALille-201-2-2-141.abo.wanadoo.fr[193.252.194.141]) - FTP session closed. I get hit from wanadoo as well. When the logs say FTP session opened and then closed right after it, are they making a connection in? I have annonymous FTP turn off... Any words of advice? >From: David Lucas <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: RE: [cobalt-security] Is this coincidence or what - FTP Scans >Date: Tue, 16 Oct 2001 23:16:08 -0500 > >At 10:46 PM 10/16/2001, you wrote: > >> >(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous >> >(Login failed): Can't find user. Oct 16 04:40:59 ns >> >proftpd[3308]: xxxxxxxxxx >> >(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous >> >(Login failed): Can't find user. Oct 16 04:40:59 ns >> >proftpd[3305]: xxxxxxxxxx >> >>This is the same IP and Network that scans my raq4r on a daily basis. >>Perhaps they like scanning and attempting ftp login on Aussies and >>Kiwi's. >> >>I have not had any malicious damage from them (that I can see) >> >>Regards (from Australia) >>Tim Lawson > >The two most common I see are dip.t-dialin.net and abo.wanadoo.fr >I get some of the same ips and some different. But them over and over. > >_______________________________________________ >cobalt-security mailing list >[EMAIL PROTECTED] >http://list.cobalt.com/mailman/listinfo/cobalt-security _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
