On Sat, 28 Jun 2003, Mike Vanecek wrote: > On Sat, 28 Jun 2003 14:53:41 +0200, Michael Schwendt wrote > > > On Sat, 28 Jun 2003 07:35:56 -0500, Mike Vanecek wrote: > > > > > I get the the below entries in my log on a periodic basis. > > > > > > As you can see, the client ip never seems to be the same. The uid is always > > > anon. The password is always [EMAIL PROTECTED] Nothing is transfered. > > > > > > Anyone know what is going on with this? > > > > > > Other than turning off anon ftp, how could one setup a rule to drop these > packets? > > > > > > Thanks. > > > > > > Tue Jun 3 20:54:10 2003 [pid 2876] [ftp] OK LOGIN: Client "80.116.190.28", > > > anon password "[EMAIL PROTECTED]" > > > Wed Jun 4 01:52:24 2003 [pid 3046] [ftp] OK LOGIN: Client "80.8.55.232", anon > > > password "[EMAIL PROTECTED]" > > > > Have you tried searching Google for "[EMAIL PROTECTED]"? > > It gives several results pointing to a tool called Grim's Ping > > (http://grimsping.cjb.net/). > > Not for that pattern, but thank you for pointing it out. Very useful search. > > The prevention seems to be either a large set of entries in the hosts.deny > file or putting [EMAIL PROTECTED] in the /etc/vsftpd.ftpusers file. I am > trying the later since it would seem the hosts.deny file is not likely to > catch them all, especially if proxies are being used. > > Weird world we live in. > > Thank you again.
If you have a firewall then just block anything from home.com. If you don't have a firewall then check out the Monmotha script. Is home.com still a valid host name? Didn't home.com go bankrupt a couple of years ago? A host lookup on home.com failed. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
