Security Incidents mailing list archives

RE: Strange FTP logs

From: "JP Garcia" <jgarcia () networkadvocates com>
Date: Mon, 1 Nov 2004 15:08:35 -0500

Rob,

Sniffing an FTP password is surprisingly trivial given the tools that
exist today.  I'd be inclined to agree with Andrew when he says that
it's likely that your IP/UID/pass got posted somewhere, and that they
were doing some recon on your system and looking for goodies.  It may be
advisable to either:

-Set your firewall to only allow FTP traffic from "trusted IPs"

Or

-Switch to SCP

Cheers,
-JP

Current thread:

Strange FTP logs Rob klein Gunnewiek (Nov 01)
- Re: Strange FTP logs Andrew Smith (Nov 01)
- Re: Strange FTP logs xyberpix (Nov 01)
- <Possible follow-ups>
- RE: Strange FTP logs Jobe Bittman (Nov 01)
- RE: Strange FTP logs JP Garcia (Nov 01)
  - Re: Strange FTP logs Valdis . Kletnieks (Nov 01)
- Re: Strange FTP logs Yuri Gushin (Nov 02)