[Dshield] FTP server strange logins

Joel Esler eslerj at gmail.com
Mon Aug 21 12:55:54 GMT 2006


Dominik,

Yes, I get thousands of them a day (of course I run a honeypot to grab
them too), but I get thousands of them.  Only thing you can do about
it really is to block them at a firewall or something, but there are
so many attempts, I don't know how you would get around it.

J

On 8/21/06, Dominik Składanowski <dskladanowski at gmail.com> wrote:
> Hello list.
>
> Does anybody notice strange tests of yours FTP servers? It looks like
> someone tries to log into server, but without any login name and
> password.
>
> I have observed this scan second time in last 2 weeks.
>
> Below I attached fragment of my logwatch report.
>
> --------------------- pam_unix Begin ------------------------
>
> vsftpd:
>     Unknown Entries:
>        authentication failure; logname= uid=0 euid=0 tty= ruser=
> rhost=124.128.254.69 : 2283 Time(s)
>        check pass; user unknown: 2283 Time(s)
>
>
>   ---------------------- pam_unix End -------------------------
>
> Regards
>
> Dominik
>
> _________________________________________
>
> SANS Network Security 2006 - Las Vegas NV October 1st-9th.
> Wide selection of 1-6 Day Courses. Top Instructors!
>
> Details: isc.sans.org/clickcount.php?ad=1
> (use Brochurcode "ISC")
>
> "Best IT Security return on Investment" (Mario Chiock, Schlumberger)
> _______________________________________________
>


-- 
--Joel



More information about the list mailing list