Re: Ftp box - questionable

[lightning]

- Original Message -
From: Dr Bado [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 4:58 PM
Subject: Ftp box - questionable

Hi..

 Can someone decipher this??
 Jan 8 09:47:46 ftp ftpd[17283]: [ID 575915 daemon.notice] ftp of
 ACB026FC.ipt.aol.com
 [172.176.38.252] tried to download /exdsk/ftp/etc/passwd

Where's your problem? Someone tried to download the passwd file
of your unix/(linux) server/system. Very often typical scanners
connect to random servers or specific ones, mainly trying to get
ftp-access by the anonymous or guest account(s).
The they just try to download.. /etc/passwd, /etc/shadow, /etc/~passwd
and some other combinations.
You mostly get the user list (passwd), but not the (encrypted) password
file,
corresponding to the list.. You can use the list nothing else than
getting some correct users (and their privileges).

I hope, I answered your question.

lightning

Re: Ftp box - questionable

[Jared C. Lovell]

Yeah, it probably means that someone has anonymous ftp running for no good
reason  Consider not allowing anonymous connections, you'll see the
number of failed (occasionally, sucessful) attempts to d/l sensitive
files drop considerably.  Better yet, don't run ftpd at all

- Jared

On Thu, 17 Jan 2002, Dr Bado wrote:

 Can someone decipher this??
 
 
 
 Jan 8 09:47:46 ftp ftpd[17283]: [ID 575915 daemon.notice] ftp of
 ACB026FC.ipt.aol.com
 [172.176.38.252] tried to download /exdsk/ftp/etc/passwd
 
 Jan 9 12:16:00 ftp ftpd[18122]: [ID 575915 daemon.notice] ftp of
 sandbox.fis.adp.com
 [38.218.181.113] tried to download /exdsk/ftp/incoming/.tmp