Routing

 View Only
last person joined: yesterday 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  LOGS ON MX240 FTPD

    Posted 02-17-2023 03:38

    Could this be an attack on my border gateway routers? 

    I keep seeing logs of ftpd daemons on my BGW routers . What can i do to prevent such occurrence ?

    See logs below for date 17th feb. 2023

    ftpd[28736]: ANONYMOUS FTP LOGIN REFUSED FROM 32.248.140.34.bc.googleusercontent.com
    ftpd[29371]: ANONYMOUS FTP LOGIN REFUSED FROM 32.248.140.34.bc.googleusercontent.com
    ftpd[29517]: ANONYMOUS FTP LOGIN REFUSED FROM 233.158.76.34.bc.googleusercontent.com
    ftpd[30221]: control setsockopt (TCP_NODELAY): Connection reset by peer
    inetd[4673]: /usr/libexec/ftpd[30215]: exited, status 1
    inetd[4673]: /usr/libexec/ftpd[30221]: exited, status 1
    ftpd[31013]: control setsockopt (TCP_NODELAY): Connection reset by peer
    ftpd[31015]: control setsockopt (TCP_NODELAY): Connection reset by peer
    ftpd[31022]: getpeername (ftpd): Socket is not connected
    inetd[4673]: /usr/libexec/ftpd[31022]: exited, status 1
    ftpd[31016]: control setsockopt (TCP_NODELAY): Connection reset by peer
    inetd[4673]: /usr/libexec/ftpd[31013]: exited, status 1
    inetd[4673]: /usr/libexec/ftpd[31015]: exited, status 1
    inetd[4673]: /usr/libexec/ftpd[31016]: exited, status 1
    ftpd[31093]: ANONYMOUS FTP LOGIN REFUSED FROM 32.248.140.34.bc.googleusercontent.com
    ftpd[31246]: ANONYMOUS FTP LOGIN REFUSED FROM 216.6.78.34.bc.googleusercontent.com
    ftpd[31716]: ANONYMOUS FTP LOGIN REFUSED FROM 233.158.76.34.bc.googleusercontent.com
    ftpd[31798]: ANONYMOUS FTP LOGIN REFUSED FROM 106.75.15.144
    ftpd[32068]: ANONYMOUS FTP LOGIN REFUSED FROM 216.6.78.34.bc.googleusercontent.com
    inetd[4673]: /usr/libexec/ftpd[32687]: exited, status 1
    ftpd[32798]: ANONYMOUS FTP LOGIN REFUSED FROM 106.75.171.70
    ftpd[32946]: control setsockopt (TCP_NODELAY): Connection reset by peer
    ftpd[32947]: control setsockopt (TCP_NODELAY): Connection reset by peer
    ftpd[32950]: control setsockopt (TCP_NODELAY): Connection reset by peer
    inetd[4673]: /usr/libexec/ftpd[32946]: exited, status 1
    inetd[4673]: /usr/libexec/ftpd[32947]: exited, status 1
    inetd[4673]: /usr/libexec/ftpd[32950]: exited, status 1
    ftpd[33147]: control setsockopt (TCP_NODELAY): Connection reset by peer
    inetd[4673]: /usr/libexec/ftpd[33146]: exited, status 1
    inetd[4673]: /usr/libexec/ftpd[33147]: exited, status 1
    inetd[4673]: /usr/libexec/ftpd[33205]: exited, status 1
    ftpd[33491]: ANONYMOUS FTP LOGIN REFUSED FROM 154.89.5.206
    inetd[4673]: /usr/libexec/ftpd[33491]: exited, status 1
    ftpd[33811]: ANONYMOUS FTP LOGIN REFUSED FROM 154.89.5.117
    inetd[4673]: /usr/libexec/ftpd[33811]: exited, status 1
    ftpd[33954]: ANONYMOUS FTP LOGIN REFUSED FROM 154.89.5.195
    inetd[4673]: /usr/libexec/ftpd[33954]: exited, status 1
    ftpd[34071]: ANONYMOUS FTP LOGIN REFUSED FROM 106.75.215.239
    ftpd[34096]: ANONYMOUS FTP LOGIN REFUSED FROM 154.89.5.202
    inetd[4673]: /usr/libexec/ftpd[34096]: exited, status 1



    ------------------------------
    olalekan ajayi
    ------------------------------


  • 2.  RE: LOGS ON MX240 FTPD

    Posted 02-27-2023 07:54
      |   view attached

    Yes, these are likely someone trying to get access to the routing engine.

    For internet facing devices you should consider deploying a protect RE (routing engine) firewall filter.  This would restrict access to the RE by protocol and location.  The attached Juniper Day One book explains the process.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------

    Attachment(s)

    pdf
    Securing_RouteEngine_v2.pdf   960 KB 1 version


  • 3.  RE: LOGS ON MX240 FTPD

    Posted 03-04-2023 19:53

    Thank you i will go through the attach document 



    ------------------------------
    olalekan ajayi
    ------------------------------