Firewall Wizards mailing list archives

RE: [OT?] Anybody Recognize These Uploads?


From: "Bill Royds" <broyds () rogers com>
Date: Tue, 24 Dec 2002 16:11:44 -0500

Warez people are generating them to test for availability of open FTP sites. They randomly generate a file of a 
standard size, then test whether they can retrieve it so that they know the site can be used as a repository for stolen 
software.
Your site is letting them create it, even though you don't let them retrieve it. Since these are automated scans, you 
will be getting these regularly.
  It is much better to force every user who wants to send data to use a standard account and password rather than 
an anonymous account. You can make the account and password publicly known (still restricting read after write) and you 
will then prevent the automated searches from finding your site.


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Jim
Seymour
Sent: Tue December 24 2002 09:06
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] [OT?] Anybody Recognize These Uploads?


Hi All,

Maybe kind of off-topic, maybe not.

My FTP server at home allows sand-boxed FTP uploads [1].  Occasionally
I see things in there with all-numeric filenames.  They seem to be some
kind of unidentified [2] data.  They're all the same size.  Here's
what's there currently:

$ ls -l [0-9]* 
-rw-rw-r--   1 ftp      ftp       104154 Dec 20 18:21 389.204
-rw-rw-r--   1 ftp      ftp       104154 Dec 21 09:27 449.833
-rw-rw-r--   1 ftp      ftp       104154 Dec 24 08:15 57.605
-rw-rw-r--   1 ftp      ftp       104154 Nov 29 13:30 689.279
-rw-rw-r--   1 ftp      ftp       104154 Dec 23 12:31 881.787

With one exception, these all came from dip.t-dialin.net space.  The
other came from gte.net space.  All users anon logged in as
"ano () ano com."

I long ago disallowed FTP access by wanadoo.fr users due to wide-spread
FTP abuse from that space and poor abuse handling by wanadoo.fr.  I'm
wondering if this isn't the same kind of thing?

[1] FTP "incoming" directory is write-only.  Users can't even get a
    directory listing and file over-writes are prohibited.
[2] Unidentified by "file mumble"

Thanks,
Jim
-- 
Jim Seymour                  | PGP Public Key available at:
jseymour () LinxNet com         | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
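
The pattern described in this thread (uploads with all-numeric names that all share one size) can be checked for mechanically. The following is an added example, not code from either poster: it parses `ls -l` output and groups numeric-named files by size. The listing is copied from the post, with two constructed entries added; the function names and the `min_files` threshold are assumptions.

```python
import re
from collections import defaultdict

# First five lines are the listing from the post; the last two are
# constructed entries added to show what is NOT reported.
LISTING = """\
-rw-rw-r--   1 ftp      ftp       104154 Dec 20 18:21 389.204
-rw-rw-r--   1 ftp      ftp       104154 Dec 21 09:27 449.833
-rw-rw-r--   1 ftp      ftp       104154 Dec 24 08:15 57.605
-rw-rw-r--   1 ftp      ftp       104154 Nov 29 13:30 689.279
-rw-rw-r--   1 ftp      ftp       104154 Dec 23 12:31 881.787
-rw-rw-r--   1 ftp      ftp        51200 Dec 22 10:02 report.pdf
-rw-rw-r--   1 ftp      ftp         2048 Dec 22 10:05 20021222
"""

# Names made only of digits, optionally with one dot (e.g. 389.204).
NUMERIC_NAME = re.compile(r"^\d+(\.\d+)?$")


def parse_ls_line(line):
    """Return (size, name) from one `ls -l` line, or None if it does not parse."""
    # perms, links, owner, group, size, month, day, time, name
    fields = line.split(None, 8)
    if len(fields) < 9 or not fields[4].isdigit():
        return None
    return int(fields[4]), fields[8]


def find_probe_clusters(listing, min_files=2):
    """Map size -> numeric-named files of that size, for sizes seen min_files+ times.

    min_files is an assumed threshold: one numeric name alone is not
    suspicious, several with an identical size suggests automated uploads.
    """
    by_size = defaultdict(list)
    for line in listing.splitlines():
        parsed = parse_ls_line(line)
        if parsed and NUMERIC_NAME.match(parsed[1]):
            by_size[parsed[0]].append(parsed[1])
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_files}


if __name__ == "__main__":
    for size, names in find_probe_clusters(LISTING).items():
        print(f"{len(names)} numeric-named uploads of {size} bytes: {', '.join(names)}")
```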


