Security Incidents mailing list archives
CodeRed-like FTP worm?
From: "Ascent - Compton, Richard" <RCompton () ascent-corp com>
Date: Wed, 12 Dec 2001 15:07:34 -0600
Hello, I keep seeing attempted connections to ftp by various boxes in the same subnets. Could this be some sort of scan for vulnerable ftp servers? Something like a CodeRed ftp worm? Thanks for any info in advance, Rich Tue Dec 11 11:08:04 FTP connection from 80.11.101.8 Tue Dec 11 12:38:26 FTP connection from 210.65.171.32 Tue Dec 11 14:06:27 FTP connection from 193.253.37.13 Tue Dec 11 15:04:45 FTP connection from 193.253.37.13 Tue Dec 11 18:16:47 FTP connection from 217.136.112.196 Wed Dec 12 04:14:53 FTP connection from 202.224.159.46 Wed Dec 12 11:41:52 FTP connection from 141.24.92.89 Wed Dec 12 12:15:11 FTP connection from 80.11.85.121 Wed Dec 12 13:38:03 FTP connection from 213.191.132.98 Wed Dec 12 14:08:30 FTP connection from 210.58.12.142 Wed Dec 12 14:41:33 FTP connection from 217.129.33.236 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- CodeRed-like FTP worm? Ascent - Compton, Richard (Dec 13)
- Re: CodeRed-like FTP worm? hvdkooij (Dec 13)
- Re: CodeRed-like FTP worm? Neil McKellar (Dec 13)
- Re: CodeRed-like FTP worm? H C (Dec 13)