Peter_Stanley
22-04-2004, 07:51
Okay, so I've got an FTP server set up behind a Linksys routers. Zonealarm is running on the pc, but the FTP server is in the listed as an allowed server. I use no-ip to map the domain to the IP address.
This morning I checked the server log and, as well as my own (valid) access from work, I found these access attempts:
[1] Wed 21Apr04 08:55:47 - Starting FTP Server...
[1] Wed 21Apr04 08:55:48 - FTP Server listening on port number 21, IP 192.168.x.x, 127.0.0.1
[5] Wed 21Apr04 12:15:31 - (000001) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:33 - (000001) Too many times wrong password for user "TEST" - disconnecting
[5] Wed 21Apr04 12:15:33 - (000001) Closing connection
[5] Wed 21Apr04 12:15:34 - (000002) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:36 - (000002) Too many times wrong password for user "SOFTUP" - disconnecting
[5] Wed 21Apr04 12:15:36 - (000002) Closing connection
[5] Wed 21Apr04 12:15:37 - (000003) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:41 - (000003) Closing connection
[5] Wed 21Apr04 12:15:41 - (000004) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:43 - (000004) Too many times wrong password for user "TVUP" - disconnecting
[5] Wed 21Apr04 12:15:43 - (000004) Closing connection
[5] Wed 21Apr04 12:15:44 - (000005) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:48 - (000005) Closing connection
[5] Wed 21Apr04 12:15:49 - (000006) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:50 - (000006) Too many times wrong password for user "ANONYMOUS" - disconnecting
[5] Wed 21Apr04 12:15:52 - (000006) Closing connection
†¦
†¦
†¦
[5] Wed 21Apr04 15:19:55 - (000013) Connected to 61.243.240.28 (Local address 192.168.x.x)
[5] Wed 21Apr04 15:19:55 - (000013) Closing connection
[5] Wed 21Apr04 23:46:13 - (000014) Connected to 203.64.191.9 (Local address 127.0.0.1)
[5] Wed 21Apr04 23:46:13 - (000014) Closing connection
It looks like someone from the Information and Communications University in Korea has been attempting to access my server, unsuccessfully. What I don't understand is the 2 attempted connections from 61.243.240.28 and 203.64.191.9. Neither of these addresses give any information using SmartWhois at all-nettools. Why is the second attempt forwarded to 127.0.0.1 - I thought this was a loopback address or somesuch...?
This morning I checked the server log and, as well as my own (valid) access from work, I found these access attempts:
[1] Wed 21Apr04 08:55:47 - Starting FTP Server...
[1] Wed 21Apr04 08:55:48 - FTP Server listening on port number 21, IP 192.168.x.x, 127.0.0.1
[5] Wed 21Apr04 12:15:31 - (000001) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:33 - (000001) Too many times wrong password for user "TEST" - disconnecting
[5] Wed 21Apr04 12:15:33 - (000001) Closing connection
[5] Wed 21Apr04 12:15:34 - (000002) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:36 - (000002) Too many times wrong password for user "SOFTUP" - disconnecting
[5] Wed 21Apr04 12:15:36 - (000002) Closing connection
[5] Wed 21Apr04 12:15:37 - (000003) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:41 - (000003) Closing connection
[5] Wed 21Apr04 12:15:41 - (000004) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:43 - (000004) Too many times wrong password for user "TVUP" - disconnecting
[5] Wed 21Apr04 12:15:43 - (000004) Closing connection
[5] Wed 21Apr04 12:15:44 - (000005) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:48 - (000005) Closing connection
[5] Wed 21Apr04 12:15:49 - (000006) Connected to 210.107.128.49 (Local address 192.168.x.x)
[5] Wed 21Apr04 12:15:50 - (000006) Too many times wrong password for user "ANONYMOUS" - disconnecting
[5] Wed 21Apr04 12:15:52 - (000006) Closing connection
†¦
†¦
†¦
[5] Wed 21Apr04 15:19:55 - (000013) Connected to 61.243.240.28 (Local address 192.168.x.x)
[5] Wed 21Apr04 15:19:55 - (000013) Closing connection
[5] Wed 21Apr04 23:46:13 - (000014) Connected to 203.64.191.9 (Local address 127.0.0.1)
[5] Wed 21Apr04 23:46:13 - (000014) Closing connection
It looks like someone from the Information and Communications University in Korea has been attempting to access my server, unsuccessfully. What I don't understand is the 2 attempted connections from 61.243.240.28 and 203.64.191.9. Neither of these addresses give any information using SmartWhois at all-nettools. Why is the second attempt forwarded to 127.0.0.1 - I thought this was a loopback address or somesuch...?