Runnign AIX ftpd someone is att

[ui05067]

Runnign AIX ftpd

someone is attempting to login with an incorrect password
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: u111t0002 FTP server (Version 4.2 Fri Apr 6 19:34:30 CDT 2018) ready.
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: command: USER hci^M
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: <--- 331
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: Password required for hci.
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: command: PASS
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: <--- 530
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: Login incorrect.
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: command: QUIT^M
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: <--- 221
Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: Goodbye.
Jan 18 15:35:25 u111t0002 daemon:debug ftpd[39059690]: <--- 220

I would like to determine the ip / hostname of the client sender:

what exactly do i configure for a log t spell that out?

TY

 

[iggsterman]

Find out who was assigned the user ID: hci and you will know who has the wrong password.
From:

Jan 18 15:35:24 u111t0002 daemon:debug ftpd[39059688]: command: USER hci^M

 

[Bobytak]

multiple systems using this id :-/

need to know which system is passing incorrect passwd

which system = ip

 

[Bobytak]

we are in ftp.lobug mode and source is loopback... so its an inside job...……...still looking

 

[iggsterman]

Not sure about ftpd options on AIX. You could run tcpdump and capture the traffic. That would be somewhat involved though.