Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Am I under attack?

Status
Not open for further replies.
josel

josel

Programmer
Oct 16, 2001
716
US
I just decided to check my /usr/adm/syslog file and found this message

9:21:29 fpdev ftpd[10796]: repeated login failures from 210-202-63-73.cctv.dynamc.lsc.net.tw [210.202.63.73]
Mar 13 09:21:29 fpdev ftpd[10796]: #2 open of pid file failed: No such file or directory


I guess I am a very bad administrator since this has been going on since Sept. last year and I just noticed. Like these messages, there are thousand others ...

What can I do to protect myself from these guys?

Thanks,


Jose Lerebours


KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours
 
Sort by date Sort by votes
Jose,

I don't have a solution for you, but if there is comfort in knowing you are not alone, I can provide that. I don't use ftp that much, so I have disabled it and re-enable when I have the need.

I was finding systems were trying to do an ftp connect at times for 12 hrs continuously! Even though there is a max number of failed login attempts, the remote system just starts a new login process and away you go again.

Anonymous ftp has never been enabled. I tried putting every username on my system in the fpusers file, but that didn't seem to stop the onslaught. I'm pretty certain that nobody ever go in, but it is bothersome.

I haven't got the slightest idea what the game is.


Jim Asman
 
Upvote 0 Downvote
Hello Jim!

It is great to hear from a familiar person. It is really anoying to have this sort of thing going on. I do need my ftp deamon running as I transfer data to my SCO box from various sites.

Since I use VPN and my ftp connections are really through my encripted tunnels, I just closed the pin-wholes in my router (disabled ports 21 & 23).

I guess that this should keep them away for good!

Of course, the downside to this is that when I am at a site outside my intranet, this SCO box is not reachable ...

Regards,


Jose Lerebours



KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours
 
Upvote 0 Downvote

josel,

I also share your frustrations. What I can suggest is getting a firewall/router that also can act as a vpn server.

I've done this and it is great, I just vpn to my router when I am outside my intranet and have 'local' access.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

orbur
  • Locked
  • Question
firewall synchronization under OpenBSD
Replies
0
Views
296
orbur
orbur
ziggy6
  • Locked
  • Question
Help using awk or some kind of Tool in Unix to Read a file, cut fields and write to a file
Replies
2
Views
446
mikrom
mikrom
ziggy6
  • Locked
  • Question
Trying to Install Openssl 1.1.1. on SCO 5.0.7
Replies
0
Views
380
ziggy6
ziggy6
mduddytel
  • Locked
  • Question
Unix Root inbox - how to clear
Replies
0
Views
352
mduddytel
mduddytel
mduddytel
  • Locked
  • Question
Permissions issue? 1
Replies
8
Views
439
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top