[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:35146] Re: syslogとauthlogが違うアクセス

From: Kenshi Muto <kmuto@xxxxxxxxxxxxxxx>
Subject: [debian-users:35146] Re: syslogとauthlogが違うアクセス
Date: Thu, 31 Oct 2002 15:10:16 +0900
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-razor-id: 9b890d765c0708de00c24b43bab1a984cf750014
X-spam-level: **
X-spam-status: No, hits=2.0 required=10.0 tests=IN_REP_TO,ISO2022JP_CHARSET,ISO2022JP_BODY,CASHCASHCASH, HTTP_CTRL_CHARS_HOST,HTTP_ESCAPED_HOST,WEIRD_PORT version=2.31
X-virus-scanned: by AMaViS new-20020517
References: <20021031150737.61a203f8.y-taka21@xxxxxxxxxxxxxxx>
Message-id: <20021031061001.EC6405380C@xxxxxxxxxxxxxxxxxxxxxx>
X-mail-count: 35146
User-agent: Wanderlust/2.9.14 (Unchained Melody) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (Unebigory�mae) APEL/10.3 MULE XEmacs/21.4 (patch 8) (Honest Recruiter) (i386-debian-linux)

武藤＠Debianぷろじぇくとです。

At Thu, 31 Oct 2002 15:02:24 +0900,
yutaka wrote:
> ちょっと気になるlogが有りましたので御意見を頂きたいと思い投稿しました
> 
> /var/log/syslogに以下のようなアクセスが有り
> Oct 31 08:01:20 hoge proftpd[15276]: connect from 61.136.151.3
> Oct 31 08:01:20 hoge proftpd[15276]: No certificate files found! 
> Oct 31 08:01:20 hoge proftpd[15276]: ky-s.net (61.136.151.3[61.136.151.3]) - FTP session opened. 
> Oct 31 08:01:20 hoge proftpd[15276]: ky-s.net (61.136.151.3[61.136.151.3]) - FTP session closed. 
> 
> /var/log/auth.logにアクセスの記録が有りません
> Oct 31 07:40:02 hoge PAM_unix[15269]: (cron) session closed for user root
> Oct 31 08:40:01 hoge PAM_unix[15285]: (cron) session opened for user root by (uid=0)

1. ftpの最初のコネクションを張る
2. 認証フェーズ(ログイン名)になったらコネクションを切る

をやってみるとわかります。

まぁ単なるポートスキャンでは。
-- 
武藤 健志＠Debian/JPプロジェクト   (kmuto@debian.org, kmuto@debian.or.jp)
           日本Linux協会           (kmuto@xxxxxxxxxxx)
           株式会社トップスタジオ  (kmuto@xxxxxxxxxxxxxxx)
URI: http://www.topstudio.co.jp/~kmuto/ (Debianな話題など)

Follow-Ups:
- [debian-users:35147] Re: syslogとauthlogが違うアクセス
  - From: yutaka

References:
- [debian-users:35145] syslogとauthlogが違うアクセス
  - From: yutaka

Prev by Date: [debian-users:35145] syslogとauthlogが違うアクセス
Next by Date: [debian-users:35147] Re: syslogとauthlogが違うアクセス
Previous by thread: [debian-users:35145] syslogとauthlogが違うアクセス
Next by thread: [debian-users:35147] Re: syslogとauthlogが違うアクセス
Index(es):
- Date
- Thread