Dear All RE: my other post complaining about the same old faces attempting ftp log ins and scans, I just went through last nights logchecks and look who's on it.
Oct 17 00:23:06 ns1 proftpd[3527]: xxx.xx.xx.xxx (AOrleans-101-1-3-198.abo.wanadoo.fr[217.128.165.198]) - FTP session opened. Oct 17 00:23:06 ns1 proftpd[3527]: xxx.xx.xx.xxx (AOrleans-101-1-3-198.abo.wanadoo.fr[217.128.165.198]) - no such user 'anonymous' Oct 17 01:56:28 ns1 portsentry[1054]: attackalert: SYN/Normal scan from host: user-v3qth40.biz.mindspring.com/199.174.196.128 to TCP port: 111 Surprise surprise, wanadoo and mindspring by the end of the day what's the betting some creep from dip.t-dialin.net will join them. Simon -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gerald Waugh Sent: 15 October 2001 05:52 To: [EMAIL PROTECTED] Subject: Re: [cobalt-security] Is this coincidence or what - FTP Scans > I get hit from wanadoo as well. When the logs say FTP session opened and > then closed right after it, are they making a connection in? I have > annonymous FTP turn off... > No, they just connect then disconnect without attempting to log in. I get them, dip.t-dialin.net and alot of mindspring all the time also. Gerald _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
