Full Disclosure mailing list archives

Re: Strange FTP log messages


From: Larry Hand <lhand () co la ca us>
Date: Mon, 27 Sep 2004 09:12:49 -0700

I see the same thing on my FTP logs from a Spong system monitor. Check with 
the user at that IP address and see what he's up to. I expect it's just 
someone monitoring your FTP server. It's not stealthy so it's probably not a 
prelude to attack.

On Friday 24 September 2004 10:24 pm, Mike Barushok wrote:
Nagios or netsaint (or anything else that simply
connects to TCP/21 without authenticating) being used to
monitor FTP? 

On Fri, 24 Sep 2004, ken wrote:

Does anyone recognize this behavior? This has been occurring 
for a while. I am curious as to what would cause this. This 
has been happening on a wide range of IPs. Any hints would
be appreciated, thanks in advance.

-k


Sep 23 18:02:45 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 23 19:02:49 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 23 19:02:49 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 23 20:02:56 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 23 20:02:56 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 23 21:03:03 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 23 21:03:03 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.010 seconds.
Sep 23 22:03:11 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 23 22:03:11 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.010 seconds.
Sep 23 23:03:18 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 23 23:03:18 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 24 00:03:25 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 24 00:03:25 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 24 01:03:33 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 24 01:03:33 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 24 02:03:40 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 24 02:03:40 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 24 03:03:48 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 24 03:03:49 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 24 04:03:55 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] New connection from 65.82.31.47
Sep 24 04:03:55 webnode01 pure-ftpd: (?@65.82.31.47) [INFO] Logout - CPU time spent: 0.000 seconds.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
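
The pattern discussed in this thread (a source that connects to TCP/21 at a near-constant interval and disconnects without ever logging in) can be checked mechanically. The Python below is an added example, not part of the original thread: the sample lines are constructed in the same pure-ftpd syslog format (unwrapped, using documentation addresses), and the function names, thresholds and the year supplied to the parser are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, one log record per line (not the thread's own data).
SAMPLE = """\
Sep 23 19:02:49 webnode01 pure-ftpd: (?@192.0.2.10) [INFO] New connection from 192.0.2.10
Sep 23 19:02:49 webnode01 pure-ftpd: (?@192.0.2.10) [INFO] Logout - CPU time spent: 0.000 seconds.
Sep 23 19:40:02 webnode01 pure-ftpd: (?@198.51.100.7) [INFO] New connection from 198.51.100.7
Sep 23 19:40:05 webnode01 pure-ftpd: (?@198.51.100.7) [INFO] alice is now logged in
Sep 23 19:41:10 webnode01 pure-ftpd: (alice@198.51.100.7) [INFO] Logout - CPU time spent: 0.010 seconds.
Sep 23 20:02:56 webnode01 pure-ftpd: (?@192.0.2.10) [INFO] New connection from 192.0.2.10
Sep 23 21:03:03 webnode01 pure-ftpd: (?@192.0.2.10) [INFO] New connection from 192.0.2.10
Sep 23 22:03:11 webnode01 pure-ftpd: (?@192.0.2.10) [INFO] New connection from 192.0.2.10
""".splitlines()

LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ pure-ftpd: \((\S*?)@(\S+?)\) \[\w+\] (.*)$")

def parse(lines, year=2004):
    """Yield (timestamp, user, ip, message). Syslog omits the year, so it
    is supplied by the caller (assumption: the log does not span New Year)."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def periodic_probes(lines, min_hits=4, max_jitter=30):
    """Return {ip: period_seconds} for sources that never log in and whose
    connections are spaced within max_jitter seconds of their median gap."""
    connects, authed = defaultdict(list), set()
    for ts, user, ip, msg in parse(lines):
        if msg.startswith("New connection from"):
            connects[ip].append(ts)
        if user != "?":  # the log shows "?" as the user until a login succeeds
            authed.add(ip)
    found = {}
    for ip, times in connects.items():
        if ip in authed or len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = median(gaps)
        if all(abs(g - period) <= max_jitter for g in gaps):
            found[ip] = period
    return found
```

A source reported here is consistent with a scheduled availability check; identifying who operates it still means asking the owner of the address, as the reply suggests.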


