xinetd starting mystery FTP
Steve St-Laurent
st-laur at telus.net
Sat May 29 18:12:50 PDT 2004
From: st-laur at telus.net
Subject: Re: X-Servers Digest #300
Date: May 29, 2004 6:11:20 PM PDT
To: X-Servers at lists.themacintoshguy.com
To my question about xinetd starting mystery FTP:
I'm showing these messages in my OS X Server 10.3 system log:
May 28 16:43:50 HoleComm xinetd[403]: START: ftp pid=18327
from=24.80.152.26
May 28 17:12:48 HoleComm xinetd[403]: START: ftp pid=18664
from=80.170.195.165
Has the security been hacked? I don't see any activity showing up in
the FTP log.
Eugene Lee replied:
> If you have an FTP server enabled, the above logs are typical and show
> that other people are trying to connect via FTP. Check your FTP logs
> or
> your system logs for messages like:
>
> May 28 16:43:50 ftp ftpd[18327]: ANONYMOUS FTP LOGIN FROM 24.80.152.26
> May 28 17:12:48 ftp ftpd[18664]: ANONYMOUS FTP LOGIN FROM
> 80.170.195.165
>
> Better yet, if you don't need FTP, turn it off and switch to SFTP which
> is part of SSH.
Well, I need FTP for some clients but the server is configured with NO
anonymous logins. I had thought this was a reasonable safety measure.
No? And the logs show no FTP activity that I don't know about. So START
doesn't mean connect, just attempt to connect? Thanks.
-------------
Steve St-Laurent | <st-laur at telus.net>
More information about the X-Servers
mailing list