Security Incidents mailing list archives

Re: big increase in ftp scanning


From: Thomas Molina <tmolina () HOME COM>
Date: Wed, 1 Nov 2000 17:11:47 -0600

On Tue, 31 Oct 2000, Mike A. Harris wrote:

On Sun, 29 Oct 2000, Ian Eure wrote:

Date: Sun, 29 Oct 2000 15:58:56 -0800
From: Ian Eure <ieure () SICKFUCK ORG>
To: INCIDENTS () SECURITYFOCUS COM
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: big increase in ftp scanning

I've seen a ton of ftp scans in the last week.

They have come from:

62.226.217.222 (p3EE2D9DE.dip.t-dialin.net)

I didn't see any ftp scans from t-dialin.net, but I did see several
tries for http (1080 and 80) as well as tries for pop servers (110).

I don't normally see a lot of scans for ftp daemons.  Usually they are
trying for http and pop servers or open mail relays.

However, checking my logs, I did see a big spike in probes for tcp port
23 between 8 and 20 Oct.  These were mainly from two subnets, sonic.net
and adelphia.net.  This activity seemed to tail off almost entirely
after 21 Oct.

