Re: FTP Server Logging
- From: jeff.nospam@xxxxxxxx (Jeff Cochran)
- Date: Tue, 06 Dec 2005 04:49:18 GMT
On 30 Nov 2005 11:57:01 -0600, MikeV06 <me@xxxxxxxxxxx> wrote:
>I monitor my router and ftp logs on Server 2003. As would be expected, port
>21 packets show up in both. However, I have an instance where the router
>shows an incoming and outgoing packet for port 21. However, no entry was
>made in the ftp log.
>
>The router shows
>
>Nov 29, 2005 12:25:37.302 UTC - 58.12.31.109 : 62649 >>> 192.168.1.95 :
>21 - FTP Scan
>Nov 29, 2005 12:25:37.302 UTC - 192.168.1.95 : 21 >>> 58.12.31.109 :
>62649
>
>The router would not generate an outgoing packet, hence the packet had to
>have been generated by the server by the program listening on port 21
>(ftp).
>
>Nothing from that ip address is listed in the ftp log, the http log, the
>firewall log, or the event log. I did not have a deny access entry in
>directory security for that range of addresses (I do now).
>
>Unless I am missing something, this would suggest that a packet was
>processed by the ftp server but not recorded in the ftp log. How is that
>possible and how to I correct it?
Or it's processed by another program.
Jeff
.
- Follow-Ups:
- Re: FTP Server Logging
- From: MikeV06
- Re: FTP Server Logging
- References:
- FTP Server Logging
- From: MikeV06
- FTP Server Logging
- Prev by Date: RE: Authentication using Distinguished name instead of Certificates...
- Next by Date: Re: Anonymous NNTP access
- Previous by thread: FTP Server Logging
- Next by thread: Re: FTP Server Logging
- Index(es):
Relevant Pages
|
