
List:       ntop
Subject:    [Ntop] Re: Suspicious FTP message from ntop
From:       Axel Thimm <Axel.Thimm+ntop () physik ! fu-berlin ! de>
Date:       2002-05-30 7:16:14
Message-ID: 20020530091614.A17730 () bonzo ! nirvana

Hello,

a "me, too", concerning the appearance of FTP DEBUG messages in the rpm
deployed 2.0.99RC1. I see this with the binary rpm offered on
http://www.ntopsupport.com/downloads/ntop-2.0.99RC1-20020517.i386.rpm
Haven't checked yet with building it from the src rpm, though.

On Wed, May 29, 2002 at 12:13:28PM -0500, Burton M. Strauss III wrote:
> If it's coming from ntop, then he's got DEBUG enabled and some other code
> turned on... or it's not the current version of ntop...
> 
> check sessions.c around line 880 for the message... it's just what ntop is
> sniffing & logging of passive mode ftp traffic...
> [...]
> But, of course, people don't bother to tell us how they're running ntop, where
> they got it from, etc. just expect us to read their minds...

> From: ntop-admin@unipi.it [mailto:ntop-admin@unipi.it]On Behalf Of Serge
> Maandag
> Sent: Wednesday, May 29, 2002 11:44 AM
> To: ntop@Unipi.IT
> Cc: mauddib888@hotmail.com
> Subject: RE: [Ntop] Suspicious FTP message from ntop
> 
> 
> Hmm, I noticed it too. They are not ftp sessions to the host ntop is on, but
> ftp sessions that come by on the network that is being sniffed.
> I have the RC1 rpm installed.
> Serge.
> From: Burton M. Strauss III [mailto:Burton@ntopsupport.com]
> It's surely not from ntop - there isn't an ftp server in there, unless you
> have a hacked version...
> Try going back to the raw log, not whatever processed version you're looking
> at - you should see
> May 29 09:55:41 localhost ntop[14850]: Done.
>                           ^^^^^^^^^^^ a process name and pid...
> Also, turn off the ftp daemon you're running if you don't want it on...
> From: ntop-admin@unipi.it [mailto:ntop-admin@unipi.it]On Behalf Of patrick
> wong
> 
> 
> There are some odd FTP messages coming from the output from NTOP. Can
> someone tell me why this is happening and if normal? It looks odd and
> suspicious.
> 

-- 
Axel.Thimm+ntop@physik.fu-berlin.de
