FTP "OTHER Root" Logs
Tyler Hall
plug-discuss@lists.PLUG.phoenix.az.us
Tue, 6 Feb 2001 21:39:04 -0700
This is a multi-part message in MIME format.
------=_NextPart_000_0081_01C09085.39C2ED20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Seems I'm a little concered -- This is what shows up in my =
/var/log/secure file
Apr 3 21:33:20 gizmo xinetd[568]: START: ftp pid=3D17050 =
from=3D206.212.47.168
Apr 3 21:33:21 gizmo xinetd[17050]: USERID: ftp OTHER :root
Does that mean, someone "attemped to ftp as userid root and failed... or =
he attempted and suceeded?" I dont think you can FTP as root, but it =
looks like he did.. =20
Cheers,
Tyler Hall
"Goddam it, you'll never get the Purple Heart hiding in a foxhole! =
Follow me!"=20
- Captain Henry P. "Jim" Crowe (Guadalcanal, January 13, 1943)=20
------=_NextPart_000_0081_01C09085.39C2ED20
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4611.1300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Seems I'm a little concered =
-- This is what=20
shows up in my /var/log/secure file</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Apr 3 21:33:20 gizmo xinetd[568]: =
START: ftp=20
pid=3D17050 from=3D206.212.47.168<BR>Apr 3 21:33:21 gizmo =
xinetd[17050]:=20
USERID: ftp OTHER :root</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Does that mean, someone "attemped to =
ftp as userid=20
root and failed... or he attempted and suceeded?" I dont think you =
can FTP=20
as root, but it looks like he did.. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Cheers,<BR>Tyler Hall</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>"Goddam it, you'll never get the Purple =
Heart=20
hiding in a foxhole! Follow me!" <BR>- Captain Henry P. "Jim" Crowe=20
(Guadalcanal, January 13, 1943) </FONT></DIV></BODY></HTML>
------=_NextPart_000_0081_01C09085.39C2ED20--