Thanks for everyone's input on the fact that syslogd was restarted prior to and after the scans to FTP.

I had realised that there is the same data in the security violations and the Unusual System Events, but just wanted to make sure that my findings and conclusions were correct :> and I had nothing to worry about.

To carry on what other people have been saying, the scans from dip.t-dialin.net and abo.wanadoo.fr happen to our servers on a daily basis and on every occasion we contact them - not to bitch about it but to tell them that someone on their network is scanning or attempting to access our server and can they take the appropriate action...this has been going on for months now and not one acknowledgement or one email saying yes, the offender has been warned or their account cancelled. I know they haven't breached the server but, as someone mentioned, it does get annoying seeing the same network and IPs coming up...what do you do if the ISP can't take matters like this seriously :<

Anyway, thanks again for the replies.

Regards from Auckland
Chae
