Thanks for your suggestions. I'll give them all a shot and keep an eye out as well for more info. I have followed my own advise and reported the IP's to the companies that they belong to though. :-) I know, won't do much good but what the heck. All three IP's belong to different companies and all in Denmark! My little computer is growing up! It's traveling the world via the internet! <sniff> <sniff> :-) On Sun, 2004-07-18 at 06:30, John Thompson wrote: > You could boot from a rescue cd and run "chkrootkit" although from the > logs above it appears this was simply a scripted attack that failed. > There are automated programs that scan IP blocks for open ftp servers > and automatically launch attacks to anything they find in the hope that > the server can be exploited for warez, pr0n, etc. > > If you need to transfer files in the future, you may want to use > something other than ftp (e.g., "sftp" or "scp" from the OpenSSH package). > > If you simply must use ftp, configure iptables to only accept > connections to ports 20 and 21 from known IPs; that is, the IP address > or block for your work machine. > > If you use xinetd to launch the ftp server on demand, you can define > rules to restrict access in a number of interesting ways. > > Also check your tcp_wrapper rules. Most modern ftp servers for linux > are compiled with tcp_wrapper support, which can add another layer of > control/security to the transaction. > > -- > > -John (john@xxxxxxxxxxx) -- Thanks, Tom Sapp http://www.sappsworld.com
