[Snort-users] Uh-oh... bad ftp login
jan at ...206...
Mon Oct 30 06:09:43 EST 2000
I am slightly discomforted, to say the least.
Checking the weekend's snort logs, I found a bad FTP password
attempt. Well, this could happen when you run a FTP server
without anonymous access ;o))
But anyway, checking the server's logs, I could not find any
correlating report in neither messages nor secure. I find that
The box runs RH 6.2, with proftpd 1.2.0pre10, so it's a
post-r00t-version... as I already mentioned, no anonymous ftp
allowed. Apart from that, there's only ssh running... with
logins only allowed from one host (mine of course).
I took a quick look around, wtmp seems okay, histories are there,
logs seem otherwise consistent... Couldn't find any signs of
has anybody had similar experience...??
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther at ...206...
More information about the Snort-users