Security Incidents mailing list archives

Re: ftpd: the advisory version

From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Thu, 6 Jul 2000 10:19:17 -0700


Date: Wed, 5 Jul 2000 22:13:21 +0100
From: David Malone <dwmalone () maths tcd ie>
To: Ron DuFresne <dufresne () WINTERNET COM>
Cc: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: ftpd: the advisory version
Message-ID: <20000705221321.A60535 () walton maths tcd ie>
References: <Pine.GSO.4.05.10007031512580.12698-100000 () tundra winternet com>

On Mon, Jul 03, 2000 at 03:14:34PM -0500, Ron DuFresne wrote:

While others are stating no noticed increase in scans and attempts to
exploit this newfound root shell, we are seeing some evidence of such
attempts these last few days.


I've seen two scans of our subnets recently, one a few days before
the problem was announced on bugtraq and one a few days after. The
scans just seemed to connect and go away again, so I presume they
were just collecting ftpd banners.

        David.

Current thread:

Re: ftpd: the advisory version Elias Levy (Jul 06)
- <Possible follow-ups>
- Re: ftpd: the advisory version Elias Levy (Jul 06)
  - Re: ftpd: the advisory version David Knaack (Jul 06)
  - Re: ftpd: the advisory version Ben Laws (Jul 07)
- Re: ftpd: the advisory version Elias Levy (Jul 06)