Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Runnign AIX ftpd someone is att

Status
Not open for further replies.

ui05067

MIS
Aug 24, 2001
18
US
Runnign AIX ftpd

someone is attempting to login with an incorrect password
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: u111t0002 FTP server (Version 4.2 Fri Apr 6 19:34:30 CDT 2018) ready.
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: command: USER hci^M
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: <--- 331
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: Password required for hci.
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: command: PASS
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: <--- 530
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: Login incorrect.
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: command: QUIT^M
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: <--- 221
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: Goodbye.
Jan 18 15:35:25 u111t0002 daemon:debug ftpd[39059690]: <--- 220

I would like to determine the ip / hostname of the client sender:

what exactly do i configure for a log t spell that out?

TY
 
Find out who was assigned the user ID: hci and you will know who has the wrong password.
From:
Code:
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: command: USER hci^M
 
multiple systems using this id :-/

need to know which system is passing incorrect passwd

which system = ip
 
we are in ftp.lobug mode and source is loopback... so its an inside job...……...still looking
 
Not sure about ftpd options on AIX. You could run tcpdump and capture the traffic. That would be somewhat involved though.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top