Unusual Message log contents

From: Gregory Kane (gregory.kaneat_private)
Date: Mon May 06 2002 - 07:33:49 PDT

Previous message: Loki: "RE: info"
Next in thread: Mark Newby: "Re: Unusual Message log contents"
Reply: Mark Newby: "Re: Unusual Message log contents"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Ok - I'm not totally sure what is going on here. Does anyone have a thought about this entry in my message.log file? May 5 10:28:57 server1 kernel: MSDOS FS: IO charset iso8859-1 May 5 10:28:57 server1 kernel: MSDOS FS: Using codepage 850 Additioanlly, I have been getting hit with ftp and samba probes. However, this one appears to have connected -am I correct in my assumption? May 6 01:33:42 server1 proftpd[14539]: server1.softwareoub (211.105.222.3[211.105.222.3]) - FTP session opened. May 6 01:33:42 server1 proftpd[14539]: server1.softwareoub (211.105.222.3[211.105.222.3]) - FTP session closed. May 6 01:35:39 server1 proftpd[14540]: server1.softwareoub (211.105.222.3[211.105.222.3]) - FTP session opened. May 6 01:35:49 server1 proftpd[14540]: server1.softwareoub (211.105.222.3[211.105.222.3]) - FTP session closed. Ftp was closed to all - this was going to be setup in the near future to allow ftp to a public folder, however it appears that someone beat me to it. Am I correct???? The apparent probes that I commonly get are like the following: May 5 21:36:23 server1 proftpd[13215]: server1.softwareoub (p50871B0C.dip.t-dialin.net[80.135.27.12]) - FTP session opened. May 5 21:36:24 server1 proftpd[13215]: server1.softwareoub (p50871B0C.dip.t-dialin.net[80.135.27.12]) - no such user 'anonymous' May 5 21:36:24 server1 last message repeated 4 times May 5 21:36:24 server1 proftpd[13215]: server1.softwareoub (p50871B0C.dip.t-dialin.net[80.135.27.12]) - FTP session closed. And for Samba May 5 22:31:07 server1 smbd[13540]: [2002/05/05 22:31:07, 0] smbd/connection.c:yield_connection(62) May 5 22:31:07 server1 smbd[13540]: yield_connection: tdb_delete failed with error Record does not exist. Once again, I'm going to be working on Samba in a mixed os environment in the near future. The box has only been up for 4 days. Anyone else seeing this stuff? Thanks for any input in advance. Greg ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Next message: W.G. Iyer: "Re: info"
Previous message: Loki: "RE: info"
Next in thread: Mark Newby: "Re: Unusual Message log contents"
Reply: Mark Newby: "Re: Unusual Message log contents"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 06 2002 - 10:28:53 PDT