lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue Jun 13 18:49:02 2006
From: andfarm at gmail.com (Andrew Farmer)
Subject: repeated port 21 attempts

On 6/13/06, Jacob Wu <Wu@....uwm.edu> wrote:
> They are all non routable 10.x.x.x IPs.  This is for a residence hall at my
> University.  Residents, when they first turn on their computers, are given a
> 10.x.x.x IP and made to register and agree with the network use policy.
> Once they do that they are given a "real" IP and thus access to the
> internet.

Are you doing something weird with DNS that's making this one machine's
address to show up on lookups, or messing with routing so that everything
gets redirected to this box?

If so, I'd wonder if this is some sort of bot that you're seeing
that's trying to
"call home" with FTP. It might behoove you to (kindly) ask the owner of one
of the machines to let you take a look at their machine to see what it's doing.

> Someone sent me this link:
>> Try websnarf:  http://www.unixwiz.net/tools/websnarf-1.04
> But it gives me less information than iptables does.

You may have to modify it to better imitate an FTP server - it was written for
use as a faux HTTP server. In particular, the client may be waiting for a banner
and/or greeting before it makes a request.

Powered by blists - more mailing lists