Re: FTP logs

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 07/30/04 

Date: Fri, 30 Jul 2004 16:38:12 GMT

On Thu, 29 Jul 2004 17:46:34 -0700, "Joe"
<anonymous@discussions.microsoft.com> wrote:

>Hello,
>
>I am new to IIS FTP and been enjoying it. But I have not
>yet had the time to understand what to look for in the
>logs as compared to HTTP. I have seen this in the logs
>
>16:18:31 82.83.71.242 [22]USER anonymous 331 0
>16:18:31 82.83.71.242 [22]PASS Tgpuser@home.com 530 1326
>17:53:39 66.237.251.142 [23]USER anonymous 331 0
>17:53:39 66.237.251.142 [23]PASS IEUser@ 530 1326
>17:53:41 66.237.251.142 [24]USER anonymous 331 0
>17:53:41 66.237.251.142 [24]PASS IEUser@ 530 1326
>17:53:49 66.237.251.142 [25]USER SUBMIT 331 0
>17:53:49 66.237.251.142 [25]PASS - 230 0
>
>
>I do not know who this is below. I do not have FTP set
>anonymously. You have to log in. So I don't understand the
>anonymous part or the assuming email address.
>
>16:18:31 82.83.71.242 [22]USER anonymous 331 0
>16:18:31 82.83.71.242 [22]PASS Tgpuser@home.com 530 1326

The 331 response is that the user is Okay, but that doesn't
necessarily mean that the user Anonymous is allowed access. The 530
is Not Logged In, basically meaning the username/password combination
isn't accepted.

>and I cannot tell if they were successful in logging on
>an I get a quick run down on what the numbers mean [25]
>[24]

>and also what is a 200 and a 331 in the FTP side of IIS
>6.0

You can check FTP reply codes at:

http://www.networksorcery.com/enp/protocol/ftp.htm

Jeff

Relevant Pages

  • Re: Sendmail Hacked
    ... > connection which is weird because I didn't know I had ftp running. ... I checked the ftp logs and they've all been cleared. ... They trace the spam back to you by the ... need sendmail running, or FTP, or telnet. ...
    (comp.os.linux.security)
  • FTP logs
    ... I am new to IIS FTP and been enjoying it. ... I have seen this in the logs ...
    (microsoft.public.inetserver.iis.security)
  • Re: Help -- Have I been rooted?
    ... I only allowed ssh, httpd, and ftp port forwarding to my ... machine for the past few days while I used a store bought router. ... I checked the router logs and was greeted by pages of stuff like this: ...
    (comp.os.linux.security)
  • Re: Question on Internet access of vsftp server
    ... > Pete Nesbitt wrote: ... >> you should check your logs, and also add a LOG entry to the firewall DENY ... >>Depending on your exact rules, add something like this, just blow your FTP ...
    (RedHat)
  • Sendmail Hacked
    ... I recently inherited a Linux nightmare. ... connection which is weird because I didn't know I had ftp running. ... I checked the ftp logs and they've all been cleared. ... procmail: Assuming identity of the recipient, ...
    (comp.os.linux.security)