Well, you'll notice that you get alot of pokes like this from other boxes.
Usually, they're from boxes that have already been cracked and now they're
probing you to see if you're vulnerable. I get on about once every other
day. There are a couple of exploits for almost any service, and ftp seems to
be gaining in favor for script kiddies. You have to realize, your box is
connected to the world. Some of that is good--some of that is bad.
BTW, what's your connection? If you have a full-time, always-on connection,
we probably should have a talk about security. If you have dialup, somebody
probably just got lucky when they scanned the block that your address was
assigned to, and just happened to catch you at a time when you were
connected.
One of these days, I'm going to talk at a Saturday meeting about nmap (or at
least my highly-hacked version of imap ;^P --if this doesn't make sense,
follow this thread), ipchains, /etc/host.[deny|allow], logcheck, and
portsentry. It might be quite a few months off, so if anybody has a more
pressing concern, they should ask me in person.
--Mike
James wrote:
> But what I want to know is *why* would there be a random attempt to FTP to
> my server, to begin with? What could host3.bbdev.com possibly gain by
> trying to ftp into my server? It looks like it's a development company in
> California.
--
It's a shame that a family can be torn apart
by something as simple as wild dogs.
