Re: unauthorized FTP attempts
On Tue, 03 Oct 2000, [EMAIL PROTECTED] wrote: >Hello ISPers, >Recently (within the last couple months) I've noticed a big increase of >people that are trying to ftp into my debian machine. I have logchecker >running and notice whenever there is an attempt to connect. I was thinking >in my mind that they may be trying to connect to see which version of ftpd >I am running? I remember reading about a security hole in one of the old >ftp servers. I've updated mine to the stable, but think this is what they >may be trying to do. > >Also, I was wondering what kind of action (if any) we should take in >stopping this type of thing? (contact the isp) ? > >Anyone have anything to say about this? A large ISP ( >500,000 customers) would need to dedicate at least one skilled administrator if they wanted to handle such trivial complaints. This would cost them >$100,000 per annum. The fact that someone is scanning your FTP server is not worth $100K to a large ISP. A small ISP knows that the type of people who scan for security holes will spend lots of time online and make them good amounts of money. Protecting the privacy of such customers makes economic sense. The only way an ISP will take up this issue is if you threaten legal action or writing letters to newspapers complaining (threatening bad PR). Of course if you do this then they will be annoyed and probably won't be as helpful as they might be if something serious happens... Put up a banner saying "welcome user from machine-name" where machine-name is the reverse DNS lookup and tell them that all connections are logged. It may scare some of the weenies. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: unauthorized FTP attempts
On Tue, Oct 03, 2000 at 01:43:44PM -0500, [EMAIL PROTECTED] wrote: > Hello ISPers, > Recently (within the last couple months) I've noticed a big increase of > people that are trying to ftp into my debian machine. I have logchecker > running and notice whenever there is an attempt to connect. I was thinking > in my mind that they may be trying to connect to see which version of ftpd > I am running? I remember reading about a security hole in one of the old > ftp servers. I've updated mine to the stable, but think this is what they > may be trying to do. > > Also, I was wondering what kind of action (if any) we should take in > stopping this type of thing? (contact the isp) ? > Any half respectable ISP will usually help you out if you can provide them with the log entrys and the date/time it happened. One thing I'd consider doing is faking your ftp server version, just for fun :) Regards, Robert Davidson. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
unauthorized FTP attempts
Hello ISPers, Recently (within the last couple months) I've noticed a big increase of people that are trying to ftp into my debian machine. I have logchecker running and notice whenever there is an attempt to connect. I was thinking in my mind that they may be trying to connect to see which version of ftpd I am running? I remember reading about a security hole in one of the old ftp servers. I've updated mine to the stable, but think this is what they may be trying to do. Also, I was wondering what kind of action (if any) we should take in stopping this type of thing? (contact the isp) ? Anyone have anything to say about this? Thanks, D Ghost -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]