This one time, at band camp, Hal said:
I run a potato server on an ethernet behind a firewall connected by dsl to the internet. The only service exposed is ftp, In the middle of last night ippl reported an ftp connection attempt from 192.168.1,1 The network behind my firewall uses 192.168.75.xx addressses for one Redhat and a couple of Windows machines as well as the debian ftp server. Any idea where the 192.168.1.1 attempt is coming from? Is it likely to have been spoofed over the internet as part of an attack?
--
---> Hal <----> klingons@speakeasy.org <---
--
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
It may have been, or it may have been somebody else on a LAN, with IP
addressing schema 192.168.1.x, who forgot to use passive-ftp. I guess
you'd have to look around and see what they tried to do.
HTH,
Steve