Re: odd proftpd activity

• Next message: Crazy Linux: "nmap results in html format"
• Previous message: Thor Jansen: "Re: Has my webserver been hacked?"
• In reply to: noone@nowhere.org: "Re: odd proftpd activity"
• Next in thread: Jem Berkes: "Re: odd proftpd activity"
• Reply: Jem Berkes: "Re: odd proftpd activity"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: thorjansen@yahoo.com (Thor Jansen)
Date: 26 Apr 2002 10:04:05 -0700

noone@nowhere.org wrote in message news:<aa6ssr$8acmu$1@ID-75584.news.dfncis.de>...

> 21/tcp open ftp

Possible security hole. First, make sure you're running the latest
version, especially if you're using wu-ftpd. Is there any particular
reason you're running an ftp server? Unless you're running an anon FTP
server, I'd turn it off. FTP passes login info in the clear. Use sftp
instead.

> 23/tcp open telnet

Security hole. Why use telnet? It passes everything in the clear,
including username and password. You've got ssh, use it instead.

> 25/tcp open smtp

Make sure you've not opened smtp and submission up to the entire
world, unless you fully intend to.

> 53/tcp open domain
> 53/udp open domain

Is there any particular reason you need to run your own DNS? If not,
put your ISP's nameservers in /etc/resolv.conf.

> 111/tcp open sunrpc
> 111/udp open sunrpc

There's hardly ever a good reason to have sunrpc running.

> 1024/udp open unknown

Hmm, what's this? Do you know what app is listening on this port?

Make sure you're not nmapping from your own box, the readings won't
necessarily be accurate, especially if you're nmapping localhost
rather than eth[X].

• Next message: Crazy Linux: "nmap results in html format"
• Previous message: Thor Jansen: "Re: Has my webserver been hacked?"
• In reply to: noone@nowhere.org: "Re: odd proftpd activity"
• Next in thread: Jem Berkes: "Re: odd proftpd activity"
• Reply: Jem Berkes: "Re: odd proftpd activity"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: FTP files dissappearing!! ... I don't see any reason why you couldn't also easily enable a free sniffer to ... you should be able to enable FTP logging and logging on your ... Synchronizing the time on your FTP server and firewall ... and then correlating the two logs may help you determine which IP address is ... (microsoft.public.inetserver.iis.security) Re: ftp server setup ... I think the reason is my zonealarm is blocking access to my port 21. ... I open my open 21 so that my ftp server service can work? ... (comp.security.firewalls) Re: MS FTP apparently not available, Please help ... in London for his choice). ... For that reason I need the MS FTP as in ... up the IIS FTP server, I can't help you with that. ... (microsoft.public.win2000.general) Re: FTP Server ... Is there some reason you can't use the ... > one that comes with IIS? ... IIS is probably the worst FTP server ever. ... (microsoft.public.dotnet.languages.csharp) Re: Microsoft FTP Server problem on W2K? ... It is a UNISYS ClearPath mainframe system that is trying to FTP using ... passive mode to a MS FTP server. ... Currently the mainframe FTPs in ACTIVE mode. ... Since the mainframe pushes files to our customers over a WAN connection, ... (microsoft.public.inetserver.iis.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint