No I gave up on ftp years ago / 2015-04-10

I am used to seeing ftp scans (single packet) or real connect attempts (three packets) in the firewall logs from time to time. But this is new: in the last few days there have been repeated connection attempts (3 packets for each source port) from several different IPv4 addresses.
Apr  9 09:45:07 greenblatt kernel: [9368095.406323] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54188 DF PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:07 greenblatt kernel: [9368095.406636] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54189 DF PROTO=TCP SPT=42285 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 greenblatt kernel: [9368095.600015] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54206 DF PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 greenblatt kernel: [9368095.600329] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54207 DF PROTO=TCP SPT=42285 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 greenblatt kernel: [9368095.800311] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54209 DF PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 greenblatt kernel: [9368095.834389] FW reject: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54216 DF PROTO=TCP SPT=42298 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0

Apr  9 15:19:31 greenblatt kernel: [9376229.358588] FW dropped: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21161 DF PROTO=TCP SPT=13089 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 15:19:34 greenblatt kernel: [9376230.559851] FW dropped: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21180 DF PROTO=TCP SPT=13089 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 15:19:40 greenblatt kernel: [9376232.980904] FW dropped: IN=ppp0 OUT= MAC= SRC=46.119.76.40 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21224 DF PROTO=TCP SPT=13089 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0

Apr 10 08:21:04 greenblatt kernel: [9402534.350429] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=9124 DF PROTO=TCP SPT=10002 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:21:04 greenblatt kernel: [9402534.653582] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=9273 DF PROTO=TCP SPT=10002 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:21:05 greenblatt kernel: [9402535.002381] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=9320 DF PROTO=TCP SPT=10002 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:22:25 greenblatt kernel: [9402566.855279] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=12941 DF PROTO=TCP SPT=10436 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:24:00 greenblatt kernel: [9402604.705345] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=16545 DF PROTO=TCP SPT=10882 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 08:25:45 greenblatt kernel: [9402646.825970] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=21008 DF PROTO=TCP SPT=11378 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0

Apr 10 09:35:50 greenblatt kernel: [9404337.065473] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=1738 DF PROTO=TCP SPT=11259 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 09:35:51 greenblatt kernel: [9404337.387287] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=1859 DF PROTO=TCP SPT=11262 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 09:35:52 greenblatt kernel: [9404337.748446] FW reject: IN=ppp0 OUT= MAC= SRC=117.204.35.104 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=1964 DF PROTO=TCP SPT=11267 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
All firewalled safely; there is no ftp service configured.

A new attack?
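
The difference between single-packet scans and retried connect attempts can be checked mechanically by grouping the logged SYNs per source address and source port. This is an added example, not the author's code: the sample lines are constructed (documentation addresses, shortened field list), and treating more than one SYN from the same source port as a retrying client is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same kernel-log format as the lines above;
# addresses are RFC 5737 documentation ranges, not values from the post.
SAMPLE = """\
Apr  9 09:45:07 fw kernel: [100.40] FW reject: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TTL=111 PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 fw kernel: [100.60] FW reject: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TTL=111 PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:45:08 fw kernel: [100.80] FW reject: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TTL=111 PROTO=TCP SPT=42284 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:46:10 fw kernel: [162.10] FW reject: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TTL=111 PROTO=TCP SPT=42298 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:46:10 fw kernel: [162.30] FW reject: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TTL=111 PROTO=TCP SPT=42298 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 09:46:10 fw kernel: [162.50] FW reject: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TTL=111 PROTO=TCP SPT=42298 DPT=21 WINDOW=64380 RES=0x00 SYN URGP=0
Apr  9 10:02:00 fw kernel: [1112.0] FW reject: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.1 LEN=40 TTL=240 PROTO=TCP SPT=55000 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Apr  9 10:05:00 fw kernel: [1292.0] FW reject: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TTL=111 PROTO=TCP SPT=42301 DPT=23 WINDOW=64380 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one netfilter LOG line, plus a SYN flag."""
    fields = dict(FIELD.findall(line))
    fields["SYN"] = " SYN " in line
    return fields

def classify(log_text, dport="21"):
    """Per source: count single-SYN probes vs. flows with retransmitted SYNs."""
    syns = Counter()
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("PROTO") == "TCP" and f.get("DPT") == dport and f["SYN"]:
            syns[(f["SRC"], f["SPT"])] += 1   # one flow = one source port
    report = defaultdict(lambda: {"scan": 0, "connect": 0})
    for (src, _spt), n in syns.items():
        # Assumption: 1 SYN = scanner probe; more than 1 = a TCP stack retrying.
        report[src]["scan" if n == 1 else "connect"] += 1
    return dict(report)

if __name__ == "__main__":
    for src, counts in classify(SAMPLE).items():
        print(src, counts)
```

Because the log excerpts may cut a flow short, a source port seen only once at the edge of a capture can be misread as a scan; run it over the full log for a reliable count.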

Reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.