FTP logfile shows strange activity at login
Has anyone seen, or does anyone know, what is causing this FTP log file line-item?

3 times when I successfully logged into FTP today, the log file shows a server response of a wrong password (530) to an IP address that is not mine...

Below are FTP log-file entries. I have removed my username & IP address:

```
[2009/09/01 09:46:28] my_username 75.MY.IP.XXX: C="USER my_username" B=- S=331
[2009/09/01 09:46:28] my_username 74.9.212.42: C="PASS (hidden)" B=- S=530
[2009/09/01 09:46:30] my_username 75.MY.IP.XXX: C="PASS (hidden)" B=- S=230
[2009/09/01 09:46:30] my_username 75.MY.IP.XXX: C="FEAT" B=- S=211
-----------
[2009/09/01 10:13:39] my_username 75.MY.IP.XXX: C="USER my_username" B=- S=331
[2009/09/01 10:13:39] my_username 206.174.127.8: C="PASS (hidden)" B=- S=530
[2009/09/01 10:13:41] my_username 75.MY.IP.XXX: C="PASS (hidden)" B=- S=230
[2009/09/01 10:13:41] my_username 75.MY.IP.XXX: C="FEAT" B=- S=211
-----------
[2009/09/01 10:28:15] my_username 75.MY.IP.XXX: C="USER my_username" B=- S=331
[2009/09/01 10:28:15] my_username 69.229.165.99: C="PASS (hidden)" B=- S=530
[2009/09/01 10:28:17] my_username 75.MY.IP.XXX: C="PASS (hidden)" B=- S=230
[2009/09/01 10:28:17] my_username 75.MY.IP.XXX: C="FEAT" B=- S=211
-----------
```

Line 1: server acknowledges good username (331) from my IP address.

Line 2: always at the same time stamp, the server tells someone else's IP address (associated with various ISPs around the country) that the password was refused (530).

Line 3: a few seconds later, the password I sent is accepted (230) from my IP address.

Line 4: my FTP client successfully starts its session...

Any ideas what's causing this would be appreciated! Thank you.

Last edited by bricolage; 09-01-2009 at 10:05 PM.
Thank you for the reply, Tony.

DNS is an interesting thought. There's a chance that could explain the "odd" IP addresses. I don't know enough to say how though, or if it would also explain the refused password log item as well. It makes me think that something somewhere is misconfigured, poorly programmed or someone is being naughty.

For what it's worth, WhoIs says that the three "odd" IP addresses are assigned to three different ISPs around the USA: PaeTec Communications, General Communication and AT&T Internet Services.

The extra IP address and refused password code don't show up for every log-in attempt I make, only some.
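One way to find every occurrence of this pattern in a larger log, as an added example that is not part of the original thread: it flags each refused PASS (530) logged from a different address than the most recent accepted USER (331) for the same name. It assumes the line layout quoted in the first post; the sample lines are constructed with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Layout quoted in the first post:
# [YYYY/MM/DD HH:MM:SS] user ip: C="VERB args" B=- S=code
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+(?P<user>\S+)\s+(?P<ip>\S+):\s+'
    r'C="(?P<verb>[A-Za-z]+)[^"]*"\s+B=\S+\s+S=(?P<status>\d{3})\s*$'
)

# Constructed sample in that layout (not taken from the thread).
SAMPLE_LOG = """\
[2009/09/01 09:46:28] alice 192.0.2.10: C="USER alice" B=- S=331
[2009/09/01 09:46:28] alice 198.51.100.7: C="PASS (hidden)" B=- S=530
[2009/09/01 09:46:30] alice 192.0.2.10: C="PASS (hidden)" B=- S=230
[2009/09/01 09:46:30] alice 192.0.2.10: C="FEAT" B=- S=211
-----------
[2009/09/01 10:02:11] alice 192.0.2.10: C="USER alice" B=- S=331
[2009/09/01 10:02:12] alice 192.0.2.10: C="PASS (hidden)" B=- S=230
"""


def find_foreign_pass_failures(log_text):
    """Return (timestamp, user, user_ip, pass_ip) for each refused PASS whose
    source address differs from the latest accepted USER for that name."""
    last_user_ip = {}  # username -> address of the most recent USER/331
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # separator rows, blank lines, other formats
        user, ip = m["user"], m["ip"]
        verb, status = m["verb"].upper(), m["status"]
        if verb == "USER" and status == "331":
            last_user_ip[user] = ip
        elif verb == "PASS" and status == "530":
            expected = last_user_ip.get(user)
            if expected is not None and ip != expected:
                findings.append((m["ts"], user, expected, ip))
    return findings


def count_by_source(findings):
    """Tally how often each unexpected address appears."""
    return Counter(pass_ip for _, _, _, pass_ip in findings)


if __name__ == "__main__":
    for ts, user, user_ip, pass_ip in find_foreign_pass_failures(SAMPLE_LOG):
        print(f"{ts} {user}: USER from {user_ip}, refused PASS from {pass_ip}")
```

A refused PASS from the same address as the USER line (an ordinary mistyped password) is not reported, so the output isolates only the mismatched entries the thread is asking about.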