[Dshield] FTP server strange logins

David Taylor ltr at isc.upenn.edu
Mon Aug 21 13:40:28 GMT 2006


Wouldn't happen to be this, would it?

http://www.milw0rm.com/exploits/2233

ZERO-DAY: WFTPD server 3.23 (SIZE) 0day remote buffer overflow exploit


On 8/21/06 3:07 AM, "Dominik Składanowski" <dskladanowski at gmail.com> wrote:

> Hello list.
> 
> Does anybody notice strange tests of your FTP servers? It looks like
> someone tries to log into the server, but without any login name and
> password.
> 
> I have observed this scan for the second time in the last 2 weeks.
> 
> Below I attached a fragment of my logwatch report.
> 
> --------------------- pam_unix Begin ------------------------
> 
> vsftpd:
>     Unknown Entries:
>        authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=124.128.254.69 : 2283 Time(s)
>        check pass; user unknown: 2283 Time(s)
> 
> 
>   ---------------------- pam_unix End -------------------------
> 
> Regards
> 
> Dominik
> 


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
==================================================

Penn Information Security RSS feed
http://www.upenn.edu/computing/security/rss/rssfeed.xml
Add link to your favorite RSS reader
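
Added example, not part of the original thread: the logwatch summary quoted above collapses the raw pam_unix lines into a count, so this sketch goes back to the raw log and counts vsftpd authentication failures per `rhost`, separating those that carry no `user=` field. The syslog prefix, the sample lines, the addresses (documentation ranges) and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the pam_unix entries quoted in the thread.
# Timestamp/host/PID prefix and all addresses are assumptions, not thread data.
SAMPLE_LOG = """\
Aug 21 03:01:10 ftp1 vsftpd(pam_unix)[4121]: check pass; user unknown
Aug 21 03:01:10 ftp1 vsftpd(pam_unix)[4121]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10
Aug 21 03:01:11 ftp1 vsftpd(pam_unix)[4122]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10
Aug 21 03:01:12 ftp1 vsftpd(pam_unix)[4123]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10
Aug 21 03:01:13 ftp1 vsftpd(pam_unix)[4124]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10
Aug 21 03:05:40 ftp1 vsftpd(pam_unix)[4130]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=198.51.100.7  user=alice
Aug 21 03:06:02 ftp1 sshd(pam_unix)[4140]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
"""

# Only vsftpd failures are of interest; everything after the ';' is key=value.
FAILURE = re.compile(r"vsftpd.*authentication failure;(?P<fields>.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")  # value may be empty, e.g. "ruser="


def parse_failure(line):
    """Return the key=value fields of a vsftpd failure line, else None."""
    m = FAILURE.search(line)
    return dict(FIELD.findall(m.group("fields"))) if m else None


def summarize(log_text):
    """Count failures per rhost: (all failures, failures with no user= field)."""
    total, no_user = Counter(), Counter()
    for line in log_text.splitlines():
        fields = parse_failure(line)
        if not fields or not fields.get("rhost"):
            continue
        total[fields["rhost"]] += 1
        if not fields.get("user"):  # field absent or empty
            no_user[fields["rhost"]] += 1
    return total, no_user


def flag_sources(log_text, threshold=3):
    """Hosts with at least `threshold` failures that named no known user."""
    _, no_user = summarize(log_text)
    return sorted(h for h, n in no_user.items() if n >= threshold)


if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))
```
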





