[Snort-users] Uh-oh... bad ftp login

Jan Muenther jan at ...206...
Mon Oct 30 06:09:43 EST 2000


Hello there,

I am slightly discomforted, to say the least.

Checking the weekend's snort logs, I found a bad FTP password
attempt. Well, this could happen when you run a FTP server
without anonymous access ;o))
But anyway, checking the server's logs, I could not find any
correlating report in neither messages nor secure. I find that
disturbing. 

The box runs RH 6.2, with proftpd 1.2.0pre10, so it's a
post-r00t-version... as I already mentioned, no anonymous ftp
allowed.  Apart from that, there's only ssh running... with
logins only allowed from one host (mine of course).

I took a quick look around, wtmp seems okay, histories are there,
logs seem otherwise consistent... Couldn't find any signs of
rootkit/bd.

has anybody had similar experience...??

Cheers, Jan
-- 
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther at ...206...



More information about the Snort-users mailing list