Luke Vogel <firstname.lastname@example.org> wrote in message news:<3CA59AAF.91EC6925@bell-bird.com.au>...
> David Schlecht wrote:
> > Hi All,
> > I run a Linux box behind a firewall. I'm running ProFTP v1.2.
> There were vulnerable versions of proftpd 1.2.0pre?
> > I've recently tightened down the firewall and started logging
> > failed FTP attempts. I'm absolutely astonished at the number
> > of failed attempts. I must get between 10 and 25 each day.
> > I'm also monitoring port 111 (among others) and get about
> > half as many hits to this port.
> > These don't seem like run-of-the-mill port scans since the the same
> > source IP doesn't usually hit both the ports in question. That's making
> > the brash assumption that the source IPs aren't spoofed.
> no, perhaps not, but they may be coming from compromised hosts.
> > The FTP server didn't allow anonymous login before so I'm surprised at
> > the amount of traffic.
> They are not specifically looking for you ... they scan a whole net
> block looking for vulnerable "targets".
> > 1. Any ideas what's going in here?
> It is probably a number of skript kiddies (not necessarily related)
> doing a net block scan for a number of vulnerable daemons.
> > 2. Would this list of source IPs be of any value to Internet
> > security investigators?
> You would be wasting your time and theirs ... it is not illegal to
> perform port scans
> Q: What does FAQ stand for?
> A: We are Frequently Asked this Question, and we have no idea.
> C.O.L.S FAQ - http://www.linuxsecurity.com/docs/colsfaq.html
> Note: Remove NOSPAM from my return address if necessary
True, it's not illegal to port scan, but many ISPs will not tolerate
it. I know that first hand as I too - see many many input DENYs on my
firewall in the course of the day. I've written a script that will
alert me if I have someone scanning me. I then send the log to the
ISP. Many people have had to find another ISP because if this. When a
port probe comes from Israel or Hong Kong....or wherever...then
Hello!!!...Is this node just trying to non-maliciously find out what
friendly services are being offered from my node?...lol.