[rbak-nsp] Odd FTP logs

Curtis Piehler cpiehler2 at gmail.com
Sat May 26 00:56:48 EDT 2018


I am wondering if anyone out there has seen this issue and has any insight
considering finding information on this platform is difficult these days.

As of a couple of days ago I have been observing the below messages in my
logs over and over:

May 26 00:25:48: %SYSLOG-6-INFO: ftpd[15025]: connection from 127.0.2.6 to 127.0.2.5
May 26 00:25:48: %SYSLOG-6-INFO: ftpd[15025]: FTP LOGIN FROM 127.0.2.6 as nobody (class: real, type: REAL)
May 26 00:25:49: %SYSLOG-6-INFO: ftpd[15025]: put /md/vxcore.gz: Permission denied
May 26 00:25:49: %SYSLOG-6-INFO: ftpd[15025]: Data traffic: 0 bytes in 0 files
May 26 00:25:49: %SYSLOG-6-INFO: ftpd[15025]: Total traffic: 987 bytes in 0 transfers

These occur at least once a minute.

This device does not act as an FTP server so it does not respond to port 21
on any address.

I find the from and to addresses odd, as they are internally reserved to
network devices.  These networks actually have no route on my network so
they should effectively be discarded.

SSH/Telnet is not even open in the global routing context.

I see no core dumps that would attempt to self-generate this type of
traffic either.