[Snort-users] Uh-oh... bad ftp login
mikael.schmidt at ...718...
Mon Oct 30 09:46:26 EST 2000
how do you start snort? do you start it with -s? if you don't, that's the
reason why you can't find anything in secure or messages, snort doesn't log
to syslog per default.
On Mon, 30 Oct 2000, Jan Muenther wrote:
> Hello there,
> I am slightly discomforted, to say the least.
> Checking the weekend's snort logs, I found a bad FTP password
> attempt. Well, this could happen when you run a FTP server
> without anonymous access ;o))
> But anyway, checking the server's logs, I could not find any
> correlating report in neither messages nor secure. I find that
> The box runs RH 6.2, with proftpd 1.2.0pre10, so it's a
> post-r00t-version... as I already mentioned, no anonymous ftp
> allowed. Apart from that, there's only ssh running... with
> logins only allowed from one host (mine of course).
> I took a quick look around, wtmp seems okay, histories are there,
> logs seem otherwise consistent... Couldn't find any signs of
> has anybody had similar experience...??
> Cheers, Jan
Mikael Schmidt - mikael.schmidt at ...718...
tfn: +46(0)46 - 222 47 35
mob: +46(0)707 - 46 60 56
More information about the Snort-users