Re: Report on last cmd
Not sure that your sendmail problem is related to this issue but...
It looks like you have an anonymous ftp account enabled on your machine.
Considering that these IPs are logging in for less than one minute I
would venture to guess that "they" are scanning IPs looking for
anonymous ftp accounts that "they" can go back to later and use in
whatever way "they" want to.
If you do not require outside anon ftp access I would suggest you block
the ftp port along with all the other ports that do not require outside
access.
Also, if you are not in need of anon ftp, disable it.
If you don't need ftp at all, disable the ftpd demon.
I have noted that it is pretty common to see this sort of activity on a
system with anon ftp enabled.
have fun,
Ted
On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote:
> Hello
>
> I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as
>
> ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00)
> ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00)
> ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00)
> ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00)
>
> Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses?
>
> Tx in advance.
>
> glt
>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
WAR IS GOOD
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH
Reply to: