[430] in Intrusion Detection Systems


What the heck is this???

daemon@ATHENA.MIT.EDU (John-David Childs)
Thu Nov 23 10:31:31 1995

Date: Wed, 22 Nov 1995 17:25:19 -0700 (MST)
From: John-David Childs <jdc@ism.net>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au

A colleague sent this extract from his log analyzer.  I've never seen 
anything like it.  He's concerned about the "connection from localhost"
messages.  They are running wu-ftp 2.4(8) with patches for virtual-ftp.
Thanks in advance for any suggestions.
--

Nov  9 10:56:23 ftpd[28299]: connect from tstd1.greenvil.ingr.com
Nov  9 10:56:36 ftpd[28299]: connection from localhost [0.0.0.0]
Nov  9 10:56:36 ftpd[28299]: FTP session closed

Nov  9 15:28:10 ftpd[4800]: connect from 199.201.127.144
Nov  9 15:28:14 ftpd[4800]: connection from localhost [0.0.0.0]
Nov  9 15:28:14 ftpd[4800]: FTP session closed

Nov  9 21:02:09 ftpd[12167]: connect from ip210-176.wiu.bgu.edu
Nov  9 21:02:14 ftpd[12167]: connection from localhost [0.0.0.0]
Nov  9 21:02:14 ftpd[12167]: FTP session closed

Nov 10 12:10:55 ftpd[641]: connect from 138.73.27.117
Nov 10 12:10:59 ftpd[641]: connection from localhost [0.0.0.0]
Nov 10 12:10:59 ftpd[641]: FTP session closed

Nov 15 14:59:56 ftpd[21478]: connect from annex6-64.dial.umd.edu
Nov 15 14:59:59 ftpd[21478]: connection from localhost [0.0.0.0]
Nov 15 15:00:00 ftpd[21478]: FTP session closed

Nov 20 17:55:21 ftpd[11290]: connect from hyperion.dorm.umd.edu
Nov 20 17:55:25 ftpd[11290]: connection from localhost [0.0.0.0]
Nov 20 17:55:25 ftpd[11290]: FTP session closed
--

John-David Childs                http://www.ism.net/~jdc
Information Systems Tech         University of Montana-Missoula (406)243-2321
System Administrator             Internet Services Montana (406)542-0838
"I used up all my sick days...   so I'm calling in dead"

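Added example, not part of the original post: one way to pull sessions like those in the extract out of a larger syslog file. It groups ftpd lines by PID and reports sessions where the first line names a remote peer but the later line says "localhost [0.0.0.0]". The function names, the pid 30001 session with its hostname and address, and the reading of the "connect from" line as the real peer are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Constructed sample: the first two sessions are copied from the post's extract;
# the third (pid 30001) is a made-up normal session for contrast, including its
# hostname and address.
SAMPLE = """\
Nov  9 10:56:23 ftpd[28299]: connect from tstd1.greenvil.ingr.com
Nov  9 10:56:36 ftpd[28299]: connection from localhost [0.0.0.0]
Nov  9 10:56:36 ftpd[28299]: FTP session closed
Nov  9 15:28:10 ftpd[4800]: connect from 199.201.127.144
Nov  9 15:28:14 ftpd[4800]: connection from localhost [0.0.0.0]
Nov  9 15:28:14 ftpd[4800]: FTP session closed
Nov  9 16:00:01 ftpd[30001]: connect from client.example.org
Nov  9 16:00:02 ftpd[30001]: connection from client.example.org [192.0.2.10]
Nov  9 16:00:40 ftpd[30001]: FTP session closed
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ftpd\[(\d+)\]: (.*)$")

def parse_time(stamp):
    # syslog omits the year; a fixed leap year keeps strptime happy for Feb 29
    return datetime.strptime("2000 " + " ".join(stamp.split()), "%Y %b %d %H:%M:%S")

def suspicious_sessions(log_text):
    """Return (pid, first_logged_peer, seconds_open) for sessions where a
    remote peer was logged first but ftpd then logged localhost [0.0.0.0]."""
    sessions, flagged = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, pid, msg = m.groups()
        s = sessions.setdefault(pid, {})
        if msg.startswith("connect from "):
            s.update(peer=msg[len("connect from "):], start=parse_time(stamp), odd=False)
        elif msg.startswith("connection from "):
            s["odd"] = msg.endswith("localhost [0.0.0.0]") and s.get("peer") not in (None, "localhost")
        elif msg == "FTP session closed":
            s = sessions.pop(pid)
            if s.get("odd"):
                secs = int((parse_time(stamp) - s["start"]).total_seconds())
                flagged.append((pid, s["peer"], secs))
    return flagged

if __name__ == "__main__":
    for pid, peer, secs in suspicious_sessions(SAMPLE):
        print(f"ftpd[{pid}] peer={peer} closed after {secs}s with localhost [0.0.0.0]")
```

The per-session duration is included because every session in the extract closes within seconds of the mismatched line, which makes them easy to separate from normal transfers.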