[CLUE-Admin] unusual server activity
Jed S. Baer
thag at frii.com
Thu Dec 4 12:11:45 MST 2003
On Thu, 4 Dec 2003 11:33:58 -0700
Jeff Cann <j.cann at isuma.org> wrote:
> On Thursday 04 December 2003 10:45 am, Lynn Danielson wrote:
> >
> > Both the ftp account and services
> > have been disabled. So, I don't understand why there would
> > be any ftp user activity.
>
> My guess is script kiddies looking for FTP vulnerabilities. It is
> troubling that someone is logging in as ftp. Perhaps we should disable
> the 'ftp' account? At a minimum, we should change the password.
I'm missing something here? If the ftp account and services have been
disabled, then why do I get a username prompt when I attempt to ftp to
clue.denver.co.us?
Is there any reason to have ftp available on the box? Maybe it got turned
off manually some time ago, and the recent reboot (did that occur?)
restarted it.
jed
--
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list