PFTPX client reset connection
-
I am getting lots and lots of these in a sort of a storm today.
Sep 29 10:26:55 pftpx[558]: #251 server timeout Sep 29 10:26:55 pftpx[558]: #251 server timeout Sep 29 10:26:51 pftpx[558]: #250 server timeout Sep 29 10:26:51 pftpx[558]: #250 server timeout Sep 29 10:26:44 pftpx[558]: #249 server timeout Sep 29 10:26:44 pftpx[558]: #249 server timeout Sep 29 10:26:21 pftpx[558]: #247 server timeout Sep 29 10:26:21 pftpx[558]: #247 server timeout Sep 29 10:26:19 pftpx[558]: #246 server timeout Sep 29 10:26:19 pftpx[558]: #246 server timeout Sep 29 10:26:04 pftpx[558]: #245 server timeout Sep 29 10:26:04 pftpx[558]: #245 server timeout Sep 29 10:25:57 pftpx[558]: #244 client reset connection Sep 29 10:25:57 pftpx[558]: #244 client reset connection Sep 29 10:25:51 pftpx[558]: #243 server timeout Sep 29 10:25:51 pftpx[558]: #243 server timeout Sep 29 10:25:49 pftpx[558]: #242 server timeout Sep 29 10:25:49 pftpx[558]: #242 server timeout
etc.. etc..
My question is, how do i find out which client is causing these errors? If you use the Diagnostic -> States -> Filter by ":21", i come up with all sorts of random internet IPs and the IP of the firewall. eg: Firewall -> Random internet IP
I have turned off the FTP helper on all the interfaces and now the FILTER reports correctly as: INTERNAL MACHINE -> Firewall -> Random Internet IP
So now i can find the user and "discipline" them.
I guess my problem is solved, i was just wondering if there is a way to see connections which are being made by pftpx and where they are originating from.
-
Weird! seems to be symantec endpoint protection talking to a bunch of FTP sites… 69.22.137.48 is what i gather to be a symantec ip. Very strange as we are all locally managed for symantec updates.