[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8076303e0606131048n659ce8a8p946a8604ab0d0c32@mail.gmail.com>
Date: Tue Jun 13 18:49:02 2006
From: andfarm at gmail.com (Andrew Farmer)
Subject: repeated port 21 attempts
On 6/13/06, Jacob Wu <Wu@....uwm.edu> wrote:
> They are all non routable 10.x.x.x IPs. This is for a residence hall at my
> University. Residents, when they first turn on their computers, are given a
> 10.x.x.x IP and made to register and agree with the network use policy.
> Once they do that they are given a "real" IP and thus access to the
> internet.
Are you doing something weird with DNS that's making this one machine's
address to show up on lookups, or messing with routing so that everything
gets redirected to this box?
If so, I'd wonder if this is some sort of bot that you're seeing
that's trying to
"call home" with FTP. It might behoove you to (kindly) ask the owner of one
of the machines to let you take a look at their machine to see what it's doing.
> Someone sent me this link:
>> Try websnarf: http://www.unixwiz.net/tools/websnarf-1.04
> But it gives me less information than iptables does.
You may have to modify it to better imitate an FTP server - it was written for
use as a faux HTTP server. In particular, the client may be waiting for a banner
and/or greeting before it makes a request.
Powered by blists - more mailing lists