FTP Server Logging

I monitor my router and ftp logs on Server 2003. As would be expected, port
21 packets show up in both. However, I have an instance where the router
shows an incoming and outgoing packet for port 21. However, no entry was
made in the ftp log.

The router shows

Nov 29, 2005 12:25:37.302 UTC - : 62649 >>> :
21 - FTP Scan
Nov 29, 2005 12:25:37.302 UTC - : 21 >>> :

The router would not generate an outgoing packet, hence the packet had to
have been generated by the server by the program listening on port 21

Nothing from that ip address is listed in the ftp log, the http log, the
firewall log, or the event log. I did not have a deny access entry in
directory security for that range of addresses (I do now).

Unless I am missing something, this would suggest that a packet was
processed by the ftp server but not recorded in the ftp log. How is that
possible and how to I correct it?



Relevant Pages

  • Re: Dropping SSH connections over the internet
    ... Packet corruption will not cause this. ... then the connection will drop. ... the incoming connection port gets mapped to another port on the outbound ... The router has to maintain a list of used ports as each connection gets ...
  • Re: command execution on router
    ... which in effect logs the packet info. ... > inbound telnet, etc on the wan port, and port 137 on the lan port. ... > RT314 gateway router. ...
  • RE: seeking a better understanding
    ... Packet inspection with a home router is a "packet filter" strictly ... source port blocking, it may or may not get through that. ... Other boxes are Linux. ...
  • Re: Design of a Router
    ... packet forward it and than close the port and move to the next and so ... would ideally like the router as small and as fast as possible. ... size of your buffer (just keep in mind that if you have 4 ports than ...
  • Re: Design of a Router
    ... use worm-hole routing i.e. a long packet can block other packets. ... each router would know where to forward the packet i.e. up, down, left ... packet forward it and than close the port and move to the next and so ... On the other scale you can have Buffer as big as worse time each port ...