
strange proftpd segfault and conntrack_ftp messages


Does anybody know a security bug for which this could be a hint?
(hostname and IPs faked for obvious reasons)

The server runs: 
	kernel 2.4.11-pre6

Apart from that, the IP only did some normal web browsing without any
tricks like attempted CGI accesses or similar.



On Wed, Jan 02, 2002 at 03:45:03PM +0100, root wrote:
> Jan  2 15:44:17 server kernel: conntrack_ftp: partial PORT 2336475143+1
> Jan  2 15:44:18 server proftpd[3420]: server.domain (111.222.333.444[111.222.333.444]) - SECURITY VIOLATION: root login attempted. 
> Jan  2 15:44:28 server kernel: conntrack_ftp: partial PORT 2339544491+1
> Jan  2 15:44:31 server proftpd[3425]: server.domain (111.222.333.444[111.222.333.444]) - ProFTPD terminating (signal 11) 
> Jan  2 15:44:31 server xinetd[17612]: EXIT: ftp status=1 pid=3425 duration=8(sec)

Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
ch@westend.com     Internet & Security for Professionals    Fax 0241/911879
           WESTEND ist CISCO Systems Partner - Premium Certified
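
A triage sketch for the log pattern quoted above, added here as an example and not part of the original post: it finds each proftpd exit on a signal and reports which `conntrack_ftp: partial` messages and root login attempts from the same client were logged shortly before it. The function names, the 30-second window and the year 2002 (syslog lines carry no year) are assumptions; the result shows co-occurrence in time, not cause.

```python
import re
from datetime import datetime, timedelta

# Log lines taken from the post above (host and IP were already faked by the poster).
SAMPLE = """\
Jan  2 15:44:17 server kernel: conntrack_ftp: partial PORT 2336475143+1
Jan  2 15:44:18 server proftpd[3420]: server.domain (111.222.333.444[111.222.333.444]) - SECURITY VIOLATION: root login attempted.
Jan  2 15:44:28 server kernel: conntrack_ftp: partial PORT 2339544491+1
Jan  2 15:44:31 server proftpd[3425]: server.domain (111.222.333.444[111.222.333.444]) - ProFTPD terminating (signal 11)
Jan  2 15:44:31 server xinetd[17612]: EXIT: ftp status=1 pid=3425 duration=8(sec)
"""
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w-]+)(?:\[(\d+)\])?: (.*)$")
CLIENT = re.compile(r"\(\S+?\[([^\]]+)\]\)")   # proftpd prints "(host[ip])"
SIGNAL = re.compile(r"ProFTPD terminating \(signal (\d+)\)")

def parse(text, year):
    """Yield (timestamp, tag, pid, message); syslog omits the year, so it is passed in."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def client_ip(msg):
    m = CLIENT.search(msg)
    return m.group(1) if m else None

def triage(text, window_s=30, year=2002):
    """For each proftpd signal exit, report what else was logged in the preceding window."""
    events = list(parse(text, year))
    window = timedelta(seconds=window_s)
    partial = [ts for ts, tag, _, msg in events
               if tag == "kernel" and msg.startswith("conntrack_ftp: partial")]
    root_tries = [(ts, client_ip(msg)) for ts, tag, _, msg in events
                  if tag == "proftpd" and "root login attempted" in msg]
    findings = []
    for ts, tag, pid, msg in events:
        sig = SIGNAL.search(msg)
        if tag != "proftpd" or not sig:
            continue
        ip, start = client_ip(msg), ts - window
        findings.append({
            "time": ts, "pid": pid, "client": ip, "signal": int(sig.group(1)),
            "partial_port_msgs": sum(1 for p in partial if start <= p <= ts),
            "root_login_tried": any(c == ip and start <= t <= ts for t, c in root_tries),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```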
