Probally just some warez group searching for public ftp's they can store their "warez" on. If it isnt causing any damage i'd just let them be. But then again, if you have the time to spare send some logs [EMAIL PROTECTED] ( They will probally only care if it gets probed/attemped to connect more than 10 times ).
Lorenz Inglin wrote: > Hi > > <Disclaimer> First I want to apologize for my bad english. If this question > has been posted before (and I missed it), accept my apologies one more time > :o) </disclaimer> > > Since a few days I can see an increasing number of attempts to connect to my > ftp-server as anonymous user (which of course is rejected). Different > sources from all over the world. Is there an actual worm/exploit/other issue > for ftp servers (I run proftp 1.2.1) or any idea why suddenly the attempts > are increasing? Anything to be worried about? > > One IP also did a stealth scan (according to snort), what do you think, is > this worth an complaint (isp)? > > Lorenz Inglin > > ----------------- > Some examples: > > Sep 30 06:39:55 svfile proftpd[26373]: svfile > (64.230.106.47[64.230.106.47]) - FTP session opened. > Sep 30 06:39:55 svfile proftpd[26373]: svfile > (64.230.106.47[64.230.106.47]) - no such user 'anonymous' > Sep 30 06:39:55 svfile proftpd[26373]: svfile > (64.230.106.47[64.230.106.47]) - USER anonymous (Login failed): Can't find > user. > Sep 30 06:39:55 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 64.230.106.47:3975 > Sep 30 06:39:56 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 64.230.106.47:3975 > Sep 30 06:39:56 svfile proftpd[26373]: svfile > (64.230.106.47[64.230.106.47]) - FTP session closed. > Sep 30 06:39:56 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 64.230.106.47:3975 > Sep 30 17:31:35 svfile proftpd[27243]: svfile (192.118.6.32[192.118.6.32]) - > FTP session opened. > Sep 30 17:31:37 svfile proftpd[27243]: svfile (192.118.6.32[192.118.6.32]) - > no such user 'anonymous' > Sep 30 17:31:38 svfile proftpd[27243]: svfile (192.118.6.32[192.118.6.32]) - > USER anonymous (Login failed): Can't find user. > Sep 30 17:31:38 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 192.118.6.32:15619 > Sep 30 17:31:39 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 192.118.6.32:15619 > Sep 30 17:31:39 svfile proftpd[27243]: svfile (192.118.6.32[192.118.6.32]) - > FTP session closed. > Sep 30 17:31:39 svfile snort[25609]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 192.118.6.32:15619 > Oct 1 04:56:56 svfile proftpd[28227]: svfile > (192.220.128.24[192.220.128.24]) - FTP session opened. > Oct 1 04:56:56 svfile proftpd[28227]: svfile > (192.220.128.24[192.220.128.24]) - FTP session closed. > Oct 1 08:38:30 svfile proftpd[28501]: svfile > (63.205.42.131[63.205.42.131]) - FTP session opened. > Oct 1 08:38:31 svfile proftpd[28501]: svfile > (63.205.42.131[63.205.42.131]) - no such user 'anonymous' > Oct 1 08:38:31 svfile proftpd[28501]: svfile > (63.205.42.131[63.205.42.131]) - USER anonymous (Login failed): Can't find > user. > Oct 1 08:38:31 svfile snort[28258]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 63.205.42.131:1687 > Oct 1 08:38:31 svfile snort[28258]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 63.205.42.131:1687 > Oct 1 08:38:31 svfile proftpd[28501]: svfile > (63.205.42.131[63.205.42.131]) - FTP session closed. > Oct 1 08:38:32 svfile snort[28258]: [1:0:0] IDS364/ftp_ftp-bad-login > [Classification: failed system integrity attempt Priority: 5]: > 192.168.1.2:21 -> 63.205.42.131:1687 > > > >
