[lug] Tracking Connections
D. Stimits
stimits at idcomm.com
Fri Aug 17 12:15:43 MDT 2001
Kyle Moore wrote:
>
> I have someone who keeps trying anonymous ftp on a couple of our
> servers. Syslog gives me the IP they are coming from but what I want to
> find out is how they come through our network. I don't have access to
> any of the routers' logs. My main concern here is someone is getting
> into our network that shouldn't...so I want to verify.
>
> NOTE: I know how horrible ftp is so I don't need any sermons on the
> wonders of ssh/scp.
>
> --
> Kyle
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
I'd add the offending ip(s) to a firewall rule. I also see some ftp
attempts at my firewall on occasion. You can also try opening a web
browser to the offending machine, maybe it has a web server. And try ftp
and telnet (you don't have to actually try to login, the login prompt
alone can give you info). If those fail, try telnet to port 25, see if
the smtp offers clues (again, you don't have to do anything, just see if
it offers info, type nonsense and let it boot you out). Try opening an
irc client to that machine. It's possible the owner doesn't even know
what is running there, and might be happy if you find an email address
and send the info.
D. Stimits, stimits at idcomm.com
More information about the LUG
mailing list