DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

Pages: 1

 

#1 2008-11-15 03:28:00

bkim
Member
Registered: 2008-08-20
Posts: 20

pure-ftpd: hack attempt?

I keep getting these messages:

Code:

Nov 14 17:05:23 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] Timeout - try typing a little faster next time
Nov 14 17:05:23 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] New connection from xxx.xx.x.xx
Nov 14 17:07:23 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] Timeout - try typing a little faster next time
Nov 14 17:07:23 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] New connection from xxx.xx.x.xx
Nov 14 17:09:23 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] Timeout - try typing a little faster next time
Nov 14 17:09:23 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] New connection from xxx.xx.x.xx
Nov 14 17:11:23 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] Timeout - try typing a little faster next time
Nov 14 17:11:24 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] New connection from xxx.xx.x.xx
Nov 14 17:13:23 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] Timeout - try typing a little faster next time
Nov 14 17:13:24 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] New connection from xxx.xx.x.xx
Nov 14 17:15:24 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] Timeout - try typing a little faster next time
Nov 14 17:15:24 NAS ftp.info pure-ftpd: (?@xxx.xx.x.xx) [INFO] New connection from xxx.xx.x.xx

The IP is the same.

It seems like someone is constantly keeping a FTP connection open and doesn't do anything.  For now, I have stopped port forwarding for 21. 

Any ideas?

Last edited by bkim (2008-11-15 03:28:25)

Offline

 

#2 2008-11-15 19:50:24

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: pure-ftpd: hack attempt?

Let me put it this way - were you expecting ftp access from xxx.xx.x.xx?

If the answer is no (and xxx.xx.x.xx is the same address every time) then yes, you can consider it a hack attempt.
If the answer is no (and xxx.xx.x.xx is an address within the same subnet every time) then yes, you can consider it a hack attempt.

Pretty much any time the answer is no, then yes, you can consider it a hack attempt - since any unauthorised access can be considered a hack attempt.

Offline

 

 

Pages: 1

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB