Hi Justin,

The FileZilla Server interface has a main window which lists all the FTP commands 
and reponses in real time - and I just happened to check it when some an intruder 
had been trying to login for about 1 hour.

Perhaps this level of detail can be configured to appear in your log files. For what 
it's worth in my case simply changing the default FTP port of 21 to something 
harder to guess has so far prevented any intrusion attempts, but as others have 
said may cause some access difficulties depending on flexibility of the client 
software used and network limitations.

Brent

Justin Richards wrote:
> How do you detect the intrusions.
> 
> I am (was) running xp, apache, slimftp, vnc and haven't been aware of any
> problems but it is becoming clear that my network is under constant attack
> without my knowledge.  I dont run any firewalls (apart from the adsl modem
> is acting as a firewall to some degree), virus scanners etc. 
> Where do I look.  I check the apache logs and modem logs from time to time
> but appears to be nothing.
> 
> Cheers Justin
> 
> >
> > Already I've noticed some intrusion attempts... someone was attempting to
> > login
> > using the user name "administrator" and trying various different passwords
> > every 10
> > seconds. Their IP address was in China, so I booted them off, next day
> > similar thing
> > but from India. So I guess this is a pretty common kind of thing... must be
> > some
> > robots checking port 21 on any/every IP address in the hope they can find a
> > vulnerable FTP server.
> >
> -- 
> http://www.piclist.com PIC/SX FAQ & list archive
> View/change your membership options at
> http://mailman.mit.edu/mailman/listinfo/piclist
> 

-- 
Brent Brown, Electronic Design Solutions
16 English Street, St Andrews,
Hamilton 3200, New Zealand
Ph: +64 7 849 0069
Fax: +64 7 849 0071
Cell: +64 27 433 4069
eMail:  brent.brown@clear.net.nz


-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist