> I just installed logcheck, and my paranoia is excessive.
>
> Jun 27 17:26:24 ns proftpd[24660]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session opened.
> Jun 27 17:26:24 ns proftpd[24661]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session opened.
> Jun 27 17:26:25 ns proftpd[24660]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.
> Jun 27 17:27:52 ns proftpd[24661]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.

It's some cl0wn scanning your ftp server. Typically they're looking for
an anonymous ftp server to load up with warez. There are whole net blocks
that I've blocked with tcp-wrappers to cut down on this stuff.

HTH,
j
--
http://www.bizmanuals.com
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
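
Added example, not part of the original messages: a small Python log check that pairs the proftpd "session opened"/"session closed" lines quoted above by PID and flags source addresses that open several connections in a short burst. The function names, the burst thresholds and the year (syslog timestamps carry none) are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines from the quoted message, with the mail client's line wraps joined.
SAMPLE = """\
Jun 27 17:26:24 ns proftpd[24660]: myip.myip.myip.myip (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session opened.
Jun 27 17:26:24 ns proftpd[24661]: myip.myip.myip.myip (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session opened.
Jun 27 17:26:25 ns proftpd[24660]: myip.myip.myip.myip (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.
Jun 27 17:27:52 ns proftpd[24661]: myip.myip.myip.myip (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.
"""

# timestamp, loghost, proftpd[pid], server name, (remote-host[remote-ip]), event
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[(?P<pid>\d+)\]: \S+ "
    r"\((?P<rhost>[^\[\]]*)\[(?P<ip>[0-9.]+)\]\) - FTP session (?P<ev>opened|closed)\.$"
)

def sessions(text, year=2000):
    """Pair open/close events by PID; return [(ip, pid, start, seconds_or_None)]."""
    open_by_pid, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a proftpd session line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["ev"] == "opened":
            open_by_pid[m["pid"]] = (m["ip"], ts)
        elif m["pid"] in open_by_pid:  # a close with no open (rotated log) is skipped
            ip, start = open_by_pid.pop(m["pid"])
            done.append((ip, m["pid"], start, (ts - start).total_seconds()))
    # Sessions still open at the end of the log have no duration yet.
    done += [(ip, pid, start, None) for pid, (ip, start) in open_by_pid.items()]
    return done

def burst_sources(sess, min_sessions=2, window=10):
    """Map each IP that opened >= min_sessions within `window` seconds to its session count."""
    by_ip = defaultdict(list)
    for ip, _pid, start, _dur in sess:
        by_ip[ip].append(start)
    flagged = {}
    for ip, starts in by_ip.items():
        starts.sort()
        spans = zip(starts, starts[min_sessions - 1:])  # first..last of each run
        if any((b - a).total_seconds() <= window for a, b in spans):
            flagged[ip] = len(starts)
    return flagged

if __name__ == "__main__":
    print(burst_sources(sessions(SAMPLE)))
```

Sources flagged this way are candidates for the kind of tcp-wrappers blocking mentioned in the reply.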
