Re: FTP Server Logging



On Tue, 06 Dec 2005 04:49:18 GMT, Jeff Cochran wrote:

> On 30 Nov 2005 11:57:01 -0600, MikeV06 <me@xxxxxxxxxxx> wrote:
>
>>I monitor my router and ftp logs on Server 2003. As would be expected, port
>>21 packets show up in both. However, I have an instance where the router
>>shows an incoming and outgoing packet for port 21. However, no entry was
>>made in the ftp log.
>>
>>The router shows
>>
>>Nov 29, 2005 12:25:37.302 UTC - 58.12.31.109 : 62649 >>> 192.168.1.95 :
>>21 - FTP Scan
>>Nov 29, 2005 12:25:37.302 UTC - 192.168.1.95 : 21 >>> 58.12.31.109 :
>>62649
>>
>>The router would not generate an outgoing packet, hence the packet had to
>>have been generated by the server by the program listening on port 21
>>(ftp).
>>
>>Nothing from that ip address is listed in the ftp log, the http log, the
>>firewall log, or the event log. I did not have a deny access entry in
>>directory security for that range of addresses (I do now).
>>
>>Unless I am missing something, this would suggest that a packet was
>>processed by the ftp server but not recorded in the ftp log. How is that
>>possible and how to I correct it?
>
> Or it's processed by another program.
>
> Jeff

I have used netstat -nab and procexp to see what the system is doing and do
not see anything strange. I have not seen the pattern happen again since
the one time.

How could I monitor the port for that activity? I wish I had some of the
Linux tools ... iptables, tcpdump, and so on.
.



Relevant Pages

  • Re: command execution on router
    ... which in effect logs the packet info. ... > inbound telnet, etc on the wan port, and port 137 on the lan port. ... > RT314 gateway router. ...
    (Security-Basics)
  • Re: Dropping SSH connections over the internet
    ... Packet corruption will not cause this. ... then the connection will drop. ... the incoming connection port gets mapped to another port on the outbound ... The router has to maintain a list of used ports as each connection gets ...
    (Ubuntu)
  • RE: seeking a better understanding
    ... Packet inspection with a home router is a "packet filter" strictly ... source port blocking, it may or may not get through that. ... Other boxes are Linux. ...
    (Security-Basics)
  • Re: Design of a Router
    ... packet forward it and than close the port and move to the next and so ... would ideally like the router as small and as fast as possible. ... size of your buffer (just keep in mind that if you have 4 ports than ...
    (comp.lang.verilog)
  • Re: Design of a Router
    ... use worm-hole routing i.e. a long packet can block other packets. ... each router would know where to forward the packet i.e. up, down, left ... packet forward it and than close the port and move to the next and so ... On the other scale you can have Buffer as big as worse time each port ...
    (comp.lang.verilog)