Atomicorp

Posted: **Tue Jan 04, 2011 4:39 am**

Just to make sure I understand this log entries correctly.
Someone knocked at my ftp server to receive the ftp server version via the "welcome" response!
Is this correct?
Thanks

Jan 4 04:37:23 servername xinetd[20809]: START: ftp pid=15919 from=219.148.33.74
Jan 4 04:37:23 servername proftpd[15919]: xxx.xxx.xxx.xxx (219.148.33.74[219.148.33.74]) - FTP session opened.
Jan 4 04:37:24 servername proftpd[15919]: xxx.xxx.xxx.xxx (219.148.33.74[219.148.33.74]) - FTP session closed.
Jan 4 04:37:24 servername xinetd[20809]: EXIT: ftp status=0 pid=15919 duration=1(sec)

Posted: **Tue Jan 04, 2011 10:24 am**

exactly, something connected for no more than a second

Posted: **Tue Jan 04, 2011 4:09 pm**

thanks, it connected but did not login, right?
otherwise login would have been logged too as I know.

Thanks

Posted: **Tue Jan 04, 2011 4:38 pm**

right, it might have been as simple as a syn packet hitting that port. Nothing interactive happened. Maybe a recon

Posted: **Tue Jan 04, 2011 4:55 pm**

thank you

Atomicorp

ftp server check?

ftp server check?

Re: ftp server check?

Re: ftp server check?

Re: ftp server check?

Re: ftp server check?