No I gave up on ftp years ago / 2015-04-10

I am used to seeing ftp scans (single packet) or real connect attempts (three packets) in the firewall logs from time to time. But this is new: in the last few days there have been repeated connection attempts (3 packets for each source port) from several different IPv4 addresses.
Apr  9 09:45:07 greenblatt kernel: [9368095.406323] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54188 DF PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:07 greenblatt kernel: [9368095.406636] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54189 DF PROTO=TCP SPT=42285 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 greenblatt kernel: [9368095.600015] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54206 DF PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 greenblatt kernel: [9368095.600329] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54207 DF PROTO=TCP SPT=42285 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 greenblatt kernel: [9368095.800311] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54209 DF PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 greenblatt kernel: [9368095.834389] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54216 DF PROTO=TCP SPT=42298 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0

Apr  9 15:19:31 greenblatt kernel: [9376229.358588] FW dropped: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21161 DF PROTO=TCP SPT=13089 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 15:19:34 greenblatt kernel: [9376230.559851] FW dropped: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21180 DF PROTO=TCP SPT=13089 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 15:19:40 greenblatt kernel: [9376232.980904] FW dropped: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21224 DF PROTO=TCP SPT=13089 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0

Apr 10 08:21:04 greenblatt kernel: [9402534.350429] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=9124 DF PROTO=TCP SPT=10002 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:21:04 greenblatt kernel: [9402534.653582] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=9273 DF PROTO=TCP SPT=10002 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:21:05 greenblatt kernel: [9402535.002381] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=9320 DF PROTO=TCP SPT=10002 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:22:25 greenblatt kernel: [9402566.855279] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=12941 DF PROTO=TCP SPT=10436 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:24:00 greenblatt kernel: [9402604.705345] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=16545 DF PROTO=TCP SPT=10882 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:25:45 greenblatt kernel: [9402646.825970] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=21008 DF PROTO=TCP SPT=11378 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0

Apr 10 09:35:50 greenblatt kernel: [9404337.065473] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=1738 DF PROTO=TCP SPT=11259 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 09:35:51 greenblatt kernel: [9404337.387287] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=1859 DF PROTO=TCP SPT=11262 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 09:35:52 greenblatt kernel: [9404337.748446] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=1964 DF PROTO=TCP SPT=11267 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
All firewalled safely; there is no ftp service configured.

A new attack?
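
The single-packet versus three-packet distinction used in this post can be checked mechanically by counting SYNs per source address and source port. The Python below is an added example, not part of the original post; the sample lines are constructed (documentation addresses, same log format), and the function name, labels and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same kernel log format as the excerpt above.
# Addresses are documentation ranges, not taken from the original logs.
FMT = ("Apr  9 09:45:07 host kernel: [1.0] FW reject: IN=ppp0 OUT= MAC= SRC={} "
       "DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=1 DF PROTO=TCP "
       "SPT={} DPT={} WINDOW=64380 RES=0x00 SYN URGP=0")
SAMPLE = ([("192.0.2.10", 42284, 21)] * 3 + [("192.0.2.10", 42285, 21)] * 3
          + [("198.51.100.7", 13089, 21)] * 3
          + [("203.0.113.50", 50000, 21), ("203.0.113.50", 50001, 23)])
SAMPLE_LOG = "\n".join(FMT.format(*t) for t in SAMPLE)

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) .*?PROTO=TCP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) .*?\bSYN\b")


def classify_sources(log_text, dport=21):
    """Count SYNs per (source, source port) and label each source.

    A single SYN per source port looks like a scanner probe. Several SYNs
    from the same source port are retransmissions by a real TCP stack,
    i.e. a genuine connect attempt. Many retried ports means repeated attempts.
    """
    syns = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m["dpt"]) == dport:
            syns[m["src"]][int(m["spt"])] += 1

    report = {}
    for src, ports in syns.items():
        retried = sum(1 for n in ports.values() if n > 1)
        if retried == 0:
            kind = "scan"
        elif len(ports) == 1:
            kind = "connect attempt"
        else:
            kind = "repeated connect attempts"
        report[src] = {"kind": kind, "source_ports": len(ports),
                       "syns": sum(ports.values())}
    return report


if __name__ == "__main__":
    for src, info in classify_sources(SAMPLE_LOG).items():
        print(src, info)
```
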


Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.
PGP key 5BA9 368B E6F3 34E4