Hi <Disclaimer> First I want to apologize for my bad english. If this question has been posted before (and I missed it), accept my apologies one more time :o) </disclaimer>
Since a few days I can see an increasing number of attempts to connect to my ftp-server as anonymous user (which of course is rejected). Different sources from all over the world. Is there an actual worm/exploit/other issue for ftp servers (I run proftp 1.2.1) or any idea why suddenly the attempts are increasing? Anything to be worried about? One IP also did a stealth scan (according to snort), what do you think, is this worth an complaint (isp)? Lorenz Inglin ----------------- Some examples: Sep 30 06:39:55 svfile proftpd[26373]: svfile (64.230.106.47[64.230.106.47]) - FTP session opened. Sep 30 06:39:55 svfile proftpd[26373]: svfile (64.230.106.47[64.230.106.47]) - no such user 'anonymous' Sep 30 06:39:55 svfile proftpd[26373]: svfile (64.230.106.47[64.230.106.47]) - USER anonymous (Login failed): Can't find user. Sep 30 06:39:55 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 64.230.106.47:3975 Sep 30 06:39:56 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 64.230.106.47:3975 Sep 30 06:39:56 svfile proftpd[26373]: svfile (64.230.106.47[64.230.106.47]) - FTP session closed. Sep 30 06:39:56 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 64.230.106.47:3975 Sep 30 17:31:35 svfile proftpd[27243]: svfile (192.118.6.32[192.118.6.32]) - FTP session opened. Sep 30 17:31:37 svfile proftpd[27243]: svfile (192.118.6.32[192.118.6.32]) - no such user 'anonymous' Sep 30 17:31:38 svfile proftpd[27243]: svfile (192.118.6.32[192.118.6.32]) - USER anonymous (Login failed): Can't find user. Sep 30 17:31:38 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 192.118.6.32:15619 Sep 30 17:31:39 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 192.118.6.32:15619 Sep 30 17:31:39 svfile proftpd[27243]: svfile (192.118.6.32[192.118.6.32]) - FTP session closed. Sep 30 17:31:39 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 192.118.6.32:15619 Oct 1 04:56:56 svfile proftpd[28227]: svfile (192.220.128.24[192.220.128.24]) - FTP session opened. Oct 1 04:56:56 svfile proftpd[28227]: svfile (192.220.128.24[192.220.128.24]) - FTP session closed. Oct 1 08:38:30 svfile proftpd[28501]: svfile (63.205.42.131[63.205.42.131]) - FTP session opened. Oct 1 08:38:31 svfile proftpd[28501]: svfile (63.205.42.131[63.205.42.131]) - no such user 'anonymous' Oct 1 08:38:31 svfile proftpd[28501]: svfile (63.205.42.131[63.205.42.131]) - USER anonymous (Login failed): Can't find user. Oct 1 08:38:31 svfile snort[28258]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 63.205.42.131:1687 Oct 1 08:38:31 svfile snort[28258]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 63.205.42.131:1687 Oct 1 08:38:31 svfile proftpd[28501]: svfile (63.205.42.131[63.205.42.131]) - FTP session closed. Oct 1 08:38:32 svfile snort[28258]: [1:0:0] IDS364/ftp_ftp-bad-login [Classification: failed system integrity attempt Priority: 5]: 192.168.1.2:21 -> 63.205.42.131:1687
