From owner-freebsd-security Tue Jul 6 18:37:10 1999 Delivered-To: freebsd-security@freebsd.org Received: from phoenix (phoenix.aye.net [206.185.8.134]) by hub.freebsd.org (Postfix) with SMTP id C6D4C1537A for ; Tue, 6 Jul 1999 18:36:59 -0700 (PDT) (envelope-from barrett@phoenix.aye.net) Received: (qmail 9112 invoked by uid 1000); 7 Jul 1999 01:34:10 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 7 Jul 1999 01:34:10 -0000 Date: Tue, 6 Jul 1999 21:34:10 -0400 (EDT) From: Barrett Richardson To: cjclark@home.com Cc: freebsd-security@freebsd.org Subject: Re: Failed FTP Attempts In-Reply-To: <199907061737.NAA19710@cc942873-a.ewndsr1.nj.home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 6 Jul 1999, Crist J. Clark wrote: > Hmmm... noticed these in my logs: > > Jul 6 10:05:37 cc942873-a ftpd[19216]: connection from lon-c45-001-vty4.as.wcom.net (195.232.2.4) > Jul 6 10:05:37 cc942873-a ftpd[19216]: ANONYMOUS FTP LOGIN REFUSED FROM lon-c45-001-vty4.as.wcom.net > Jul 6 10:05:37 cc942873-a ftpd[19216]: FTP LOGIN FAILED FROM lon-c45-001-vty4.as.wcom.net, mp3 > Jul 6 10:05:38 cc942873-a ftpd[19216]: FTP LOGIN FAILED FROM lon-c45-001-vty4.as.wcom.net, warez > Jul 6 10:05:40 cc942873-a ftpd[19216]: FTP LOGIN FAILED FROM lon-c45-001-vty4.as.wcom.net, leech > I've seen attempted logins for warez and leech on my machine also. A guess is that these are accounts typically set up by script kiddies that have been able to add accounts on systems. They must use those account names to store and trade their pirated goodies. - Barrett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message