By itself, this log is not much of a problem. It indicates 4 connection attempts. The
first and last 2 (from 203.167.83.9) just sent the FTP QUIT command, The second tried
to logon using standard FTP anonymous logon. But if you are not really providing an
FTP service on your IIS server, you should not enable FTP (or Gopher or SMTP for
email).
Never run a service on the Internet that you are not completely sure of the protocol.
There are bugs in the NT FTP service that can cause problems if not completely patched.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, May 27, 2001 22:51
To: Alvin Oga
Cc: Alvin Oga; Chris Keladis; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: logfile
I'm pretty new to web security and this is probably a dumb question. But..
I would appreciate any help from you guys. I found the log below in
msftpsvc1 logfie. I'm using Nt platform and IIS 4. Should I be concerned
with this? Can anybody also help me know how to interpret the logs from
msftpsvc, w3svc and smtpsvc.
15:06:45 203.167.83.9 [393]QUIT - 220
15:07:06 212.150.110.129 [394]USER anonymous 331
15:07:07 212.150.110.129 [394]PASS [EMAIL PROTECTED] 230
15:08:50 203.167.83.9 [395]QUIT - 220
15:10:56 203.167.83.9 [396]QUIT - 220
Thanks!
-
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
