strange proftpd segfault and conntrack_ftp messages
Hello
Does anybody know a security bug for which this could be a hint?
(hostname and ip's faked for obvious reasons)
The server runs:
kernel 2.4.11-pre6
xined_2.1.8.8p3-1.1.deb
proftpd_1.2.4-2.deb
Except from that the IP only did some normal web browsing without any
tricks like tried cgi accesses or similar.
TIA,
-christian-
On Wed, Jan 02, 2002 at 03:45:03PM +0100, root wrote:
> Jan 2 15:44:17 server kernel: conntrack_ftp: partial PORT 2336475143+1
> Jan 2 15:44:18 server proftpd[3420]: server.domain (111.222.333.444[111.222.333.444]) - SECURITY VIOLATION: root login attempted.
> Jan 2 15:44:28 server kernel: conntrack_ftp: partial PORT 2339544491+1
> Jan 2 15:44:31 server proftpd[3425]: server.domain (111.222.333.444[111.222.333.444]) - ProFTPD terminating (signal 11)
> Jan 2 15:44:31 server xinetd[17612]: EXIT: ftp status=1 pid=3425 duration=8(sec)
--
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
ch@westend.com Internet & Security for Professionals Fax 0241/911879
WESTEND ist CISCO Systems Partner - Premium Certified
Reply to: