Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

CodeRed-like FTP worm?

From: "Ascent - Compton, Richard" <RCompton () ascent-corp com>
Date: Wed, 12 Dec 2001 15:07:34 -0600
Hello,
I keep seeing attempted connections to ftp by various boxes in the same
subnets.  Could this be some sort of scan for vulnerable ftp servers?
Something like a CodeRed ftp worm?

Thanks for any info in advance,

Rich


Tue Dec 11 11:08:04    FTP connection from 80.11.101.8
Tue Dec 11 12:38:26    FTP connection from 210.65.171.32
Tue Dec 11 14:06:27    FTP connection from 193.253.37.13
Tue Dec 11 15:04:45    FTP connection from 193.253.37.13
Tue Dec 11 18:16:47    FTP connection from 217.136.112.196
Wed Dec 12 04:14:53    FTP connection from 202.224.159.46
Wed Dec 12 11:41:52    FTP connection from 141.24.92.89
Wed Dec 12 12:15:11    FTP connection from 80.11.85.121
Wed Dec 12 13:38:03    FTP connection from 213.191.132.98
Wed Dec 12 14:08:30    FTP connection from 210.58.12.142
Wed Dec 12 14:41:33    FTP connection from 217.129.33.236


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: