- Original Message -
From: Dr Bado [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 4:58 PM
Subject: Ftp box - questionable
Hi..
Can someone decipher this??
Jan 8 09:47:46 ftp ftpd[17283]: [ID 575915 daemon.notice] ftp of
ACB026FC.ipt.aol.com
[172.176.38.252] tried to download /exdsk/ftp/etc/passwd
Where's your problem? Someone tried to download the passwd file
of your unix/(linux) server/system. Very often typical scanners
connect to random servers or specific ones, mainly trying to get
ftp-access by the anonymous or guest account(s).
The they just try to download.. /etc/passwd, /etc/shadow, /etc/~passwd
and some other combinations.
You mostly get the user list (passwd), but not the (encrypted) password
file,
corresponding to the list.. You can use the list nothing else than
getting some correct users (and their privileges).
I hope, I answered your question.
lightning