Attempted Theft of Services via FTP


Subject: Attempted Theft of Services via FTP
From: Patrick Callahan (pac1@tiac.net)
Date: Fri Mar 01 2002 - 04:23:34 MST


I've just started running proftp so I can move files around my internal network.
I'm connected to the internet by modem, and /var/log/secure contains a few entries like this.

Probably harmless because they weren't able to give a valid username and password. (Anonymous logins are deliberately disabled.)

Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
[root@localhost src]# ping 24.90.163.104

Are there any other risks here? What would have happened next if anonymous ftp were enabled?

What would you do about 24-90-163-104.nj.rr.com? Report the attempt to road runner? Ping of death to 24.90.163.104? Go to New Jersey and take his computer away? Civil Trial? Trial at Law? What settlement or sentence would you recommend as a Juror?

Someone last year suggested renaming the distro from "Yellowdog" to "Pit Bull Linux" Motto: "Just try to crack my box!"
I'm thinking of the following warning on the ftp login page:
"Protected by Pit Bull Linux and a false sense of security

If you're going to try to crack this box be sure to bring plenty of dog biscuits - the ordinary cookies on your hard drive won't do

Sic em Chip!
"

Humor aside, what do you do about attempted cracks like this?

-Pat
-pat
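
Added example, not part of the original post: one way to review entries like the one quoted above is to tally failed proftpd logins per source address and note which ones tried the anonymous account names. The regex assumes the log layout shown in the post; every sample line except the first is constructed, and the threshold value is an arbitrary assumption.

```python
import re
from collections import defaultdict

# First line is the entry quoted in the post; the others are constructed
# samples (documentation/private addresses) in the same layout.
SAMPLE = """\
Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
Feb 28 09:10:02 localhost proftpd[22310]: localhost.localdomain ([192.0.2.7]) - USER anonymous (Login failed): Invalid shell.
Feb 28 09:10:05 localhost proftpd[22310]: localhost.localdomain ([192.0.2.7]) - USER admin (Login failed): Incorrect password.
Feb 28 09:10:09 localhost proftpd[22310]: localhost.localdomain ([192.0.2.7]) - USER root (Login failed): Incorrect password.
Feb 28 10:00:00 localhost proftpd[22400]: localhost.localdomain ([192.168.1.5]) - USER pat: Login successful.
"""

# Matches only "(Login failed)" entries; tolerates an optional hostname
# before the bracketed address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sproftpd\[\d+\]:\s\S+\s"
    r"\([^\[\]]*\[(?P<ip>[^\]]+)\]\)\s-\sUSER\s(?P<user>\S+)\s"
    r"\(Login failed\):\s(?P<reason>.*)$"
)
ANON_NAMES = {"ftp", "anonymous"}  # account names used for anonymous FTP


def parse_failures(text):
    """Return one dict (ts, ip, user, reason) per failed-login line."""
    return [m.groupdict() for m in map(FAILED.match, text.splitlines()) if m]


def summarize(events, threshold=3):
    """Group failures by source IP and flag anonymous probes and repeats."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    report = {}
    for ip, evs in by_ip.items():
        users = sorted({e["user"] for e in evs})
        report[ip] = {
            "failures": len(evs),
            "users": users,
            "anonymous_probe": any(u in ANON_NAMES for u in users),
            "repeated": len(evs) >= threshold,
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(parse_failures(SAMPLE)).items():
        print(ip, info)
```

A single failed "USER ftp" from one address, as in the post, shows up as an anonymous probe with no repeats; an address that cycles through several account names crosses the threshold.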



This archive was generated by hypermail 2a24 : Fri Mar 01 2002 - 04:38:00 MST