Subject: Re: Attemted Theft of Services via FTP
From: Patrick Ladam (ladam@smbh.smbh.univ-paris13.fr)
Date: Fri Mar 01 2002 - 13:51:13 MST
Patrick Callahan wrote:
> On Fri, 1 Mar 2002 06:23:34 -0500
> Patrick Callahan <pac1@tiac.net> wrote:
>
> > I've just started running proftp so I can move files around my internal network.
> > I'm connected to the internet by modem. and /var/log/secure contains a few entries like this.
> >
> > Probably harmless because they were'nt able to give a valid username and password. (anonymous logins are deliberately disabled)
> >
> > Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
> > [root@localhost src]# ping 24.90.163.104
> >
>
> the ping was me trying to see if the user was still connected a day later. They weren't.
>
> The /var/log/secure entry was just:
>
> Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
You have not finished seeing messages like this !!!! You will spend your time and money in law
courts if you react like this... Just secure your workstation: SSH, TCP-Wrapper, Check out for
obvious holes in your /etc/passwd file, use shadow, become paranoid if you want to stay
connected. I have about 10 crack temptative a week... Also upgrade, patch ass soon as there
is a security wekness discovered. Check regularly security web sites.
Bye
-- ------------------------------------------------------------------ | Patrick LADAM | | | Laboratoire CSSB | THE BIG BANG THEORY: | | UFR SMBH | | | 74 rue Marcel Cachin | In the begining there was | | 93017 Bobigny CEDEX | nothing at all. | | >>> NEW e-mail: <<< | | | ladam@smbh.smbh.univ-paris13.fr | Then, it exploded... | | Tel: 01 48 38 77 26 / 76 85 | | | Fax: 01 48 38 77 77 | | ------------------------------------------------------------------
This archive was generated by hypermail 2a24 : Fri Mar 01 2002 - 04:56:42 MST