|
Security Incidents
mailing list archives
Quick question re FTP activity
From: "Timothy M. Lyons" <lyons () digitalvoodoo org>
Date: Sun, 10 Nov 2002 05:20:53 -0500
I just brought this server online to lessen the stress on my web server,
so I have to admit it's been a _long_ time since I ran FTP on anything.
Can someone tell me what the user is trying to accomplish from the log
excerpt below?
--Tim
---
"Leave the beaten path and dive into the woods.
You are certain to find something interesting."
-- Alexander Graham Bell (1847 - 1922)
---begin ftp log---
Nov 9 08:53:15 envoy ftpd[2801]: USER anonymous
Nov 9 08:53:16 envoy ftpd[2801]: PASS m () m com
Nov 9 08:53:16 envoy ftpd[2801]: ANONYMOUS FTP LOGIN FROM p9.pub.ro
[192.129.3.252], m () m com
Nov 9 08:53:16 envoy ftpd[2801]: TYPE Image
Nov 9 08:53:16 envoy ftpd[2801]: PORT
Nov 9 08:53:16 envoy ftpd[2801]: refused PORT 10.0.0.248,1362 from
p9.pub.ro [192.129.3.252]
Nov 9 08:53:17 envoy ftpd[2801]: PASV
Nov 9 08:53:17 envoy ftpd[2801]: SIZE
/pub/mirrors/chkrootkit/chkrootkit-poster-a1.pdf
Nov 9 08:53:17 envoy ftpd[2801]: REST 0
Nov 9 08:53:17 envoy ftpd[2801]: REST 100
Nov 9 08:53:17 envoy ftpd[2801]: RETR
/pub/mirrors/chkrootkit/chkrootkit-poster-a1.pdf
Nov 9 08:53:21 envoy ftpd[2801]: ABOR
Nov 9 08:53:21 envoy ftpd[2801]: FTP session closed
---end log ---
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Quick question re FTP activity Timothy M. Lyons (Nov 11)
|
Intro
