Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Am I under attack?

Status
Not open for further replies.

josel

Programmer
Oct 16, 2001
716
US
I just decided to check my /usr/adm/syslog file and found this message

9:21:29 fpdev ftpd[10796]: repeated login failures from 210-202-63-73.cctv.dynamc.lsc.net.tw [210.202.63.73]
Mar 13 09:21:29 fpdev ftpd[10796]: #2 open of pid file failed: No such file or directory


I guess I am a very bad administrator since this has been going on since Sept. last year and I just noticed. Like these messages, there are thousand others ...

What can I do to protect myself from these guys?

Thanks,


Jose Lerebours


KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours
 
Jose,

I don't have a solution for you, but if there is comfort in knowing you are not alone, I can provide that. I don't use ftp that much, so I have disabled it and re-enable when I have the need.

I was finding systems were trying to do an ftp connect at times for 12 hrs continuously! Even though there is a max number of failed login attempts, the remote system just starts a new login process and away you go again.

Anonymous ftp has never been enabled. I tried putting every username on my system in the fpusers file, but that didn't seem to stop the onslaught. I'm pretty certain that nobody ever go in, but it is bothersome.

I haven't got the slightest idea what the game is.


Jim Asman
 
Hello Jim!

It is great to hear from a familiar person. It is really anoying to have this sort of thing going on. I do need my ftp deamon running as I transfer data to my SCO box from various sites.

Since I use VPN and my ftp connections are really through my encripted tunnels, I just closed the pin-wholes in my router (disabled ports 21 & 23).

I guess that this should keep them away for good!

Of course, the downside to this is that when I am at a site outside my intranet, this SCO box is not reachable ...

Regards,


Jose Lerebours



KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours
 

josel,

I also share your frustrations. What I can suggest is getting a firewall/router that also can act as a vpn server.

I've done this and it is great, I just vpn to my router when I am outside my intranet and have 'local' access.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top