I monitor my router and ftp logs on Server 2003. As would be expected, port
21 packets show up in both. However, I have an instance where the router
shows an incoming and outgoing packet for port 21. However, no entry was
made in the ftp log.
The router shows
Nov 29, 2005 12:25:37.302 UTC - 58.12.31.109 : 62649 >>> 192.168.1.95 :
21 - FTP Scan
Nov 29, 2005 12:25:37.302 UTC - 192.168.1.95 : 21 >>> 58.12.31.109 :
62649
The router would not generate an outgoing packet, hence the packet had to
have been generated by the server by the program listening on port 21
(ftp).
Nothing from that ip address is listed in the ftp log, the http log, the
firewall log, or the event log. I did not have a deny access entry in
directory security for that range of addresses (I do now).
Unless I am missing something, this would suggest that a packet was
processed by the ftp server but not recorded in the ftp log. How is that
possible and how to I correct it?
Thanks.
Mike.
|
Similar Threads
Linear Mode
