Well it looks like to me that you gave FTP access to a friend, and he is uploading the Warez version of "War Craft 3" in rar.gz format, Hey dont look a gift horse in the mouth! :) On Tue, 2002-10-08 at 08:07, Sundaram Ramasamy wrote: > Hi, > > I am allowing ftp connection in my firewall, some body used ftp port, > filled > my hard disk space. He logged-in from 68.65.58.159 IP (/var/log/message) > > Oct 8 00:57:03 linux2 ftpd[25101]: FTP LOGIN FROM > va-staff-u1-c5a-159.frbgva.adelphia.net [68.65.58.159] > > he created directory named WC3 and transfed follwoing files. > > bash-2.04# cd WC3 > bash-2.04# ls > wc3.part01.rar.gz wc3.part07.rar.gz wc3.part13.rar.gz > wc3.part19.rar.gz > wc3.part02.rar.gz wc3.part08.rar.gz wc3.part14.rar.gz > wc3.part20.rar.gz > wc3.part03.rar.gz wc3.part09.rar.gz wc3.part15.rar.gz > wc3.part21.rar.gz > wc3.part04.rar.gz wc3.part10.rar.gz wc3.part16.rar.gz > wc3.part05.rar.gz wc3.part11.rar.gz wc3.part17.rar.gz > wc3.part06.rar.gz wc3.part12.rar.gz wc3.part18.rar.gz > > Is anybody knows what this file used for? > > How will i block this IP Address in my firewall? > > How will i check what else he did on my machine? > > Thanks > SR > -- Vito Sansevero Unix Network Admin <mailto:vito.sansevero@linksys.com> The Linksys Group
