Re: Ftp box - questionable
- Original Message - From: Dr Bado [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 17, 2002 4:58 PM Subject: Ftp box - questionable Hi.. Can someone decipher this?? Jan 8 09:47:46 ftp ftpd[17283]: [ID 575915 daemon.notice] ftp of ACB026FC.ipt.aol.com [172.176.38.252] tried to download /exdsk/ftp/etc/passwd Where's your problem? Someone tried to download the passwd file of your unix/(linux) server/system. Very often typical scanners connect to random servers or specific ones, mainly trying to get ftp-access by the anonymous or guest account(s). The they just try to download.. /etc/passwd, /etc/shadow, /etc/~passwd and some other combinations. You mostly get the user list (passwd), but not the (encrypted) password file, corresponding to the list.. You can use the list nothing else than getting some correct users (and their privileges). I hope, I answered your question. lightning
Re: Ftp box - questionable
Yeah, it probably means that someone has anonymous ftp running for no good reason Consider not allowing anonymous connections, you'll see the number of failed (occasionally, sucessful) attempts to d/l sensitive files drop considerably. Better yet, don't run ftpd at all - Jared On Thu, 17 Jan 2002, Dr Bado wrote: Can someone decipher this?? Jan 8 09:47:46 ftp ftpd[17283]: [ID 575915 daemon.notice] ftp of ACB026FC.ipt.aol.com [172.176.38.252] tried to download /exdsk/ftp/etc/passwd Jan 9 12:16:00 ftp ftpd[18122]: [ID 575915 daemon.notice] ftp of sandbox.fis.adp.com [38.218.181.113] tried to download /exdsk/ftp/incoming/.tmp
Ftp box - questionable
Can someone decipher this?? Jan 8 09:47:46 ftp ftpd[17283]: [ID 575915 daemon.notice] ftp of ACB026FC.ipt.aol.com [172.176.38.252] tried to download /exdsk/ftp/etc/passwd Jan 9 12:16:00 ftp ftpd[18122]: [ID 575915 daemon.notice] ftp of sandbox.fis.adp.com [38.218.181.113] tried to download /exdsk/ftp/incoming/.tmp