Security Incidents mailing list archives
Re: FTP scans from wanadoo.fr
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Mon, 17 Dec 2001 16:00:15 -0500 (EST)
On Mon, 17 Dec 2001, Aaron Wolfe wrote:
I have made many attempts to contact Wanadoo regarding this.
heh .. good luck. wanadoo seems quite happy to be quiet about it. mayeb if you phrase it in french ... i dunno. whats amusing is that french copyright is extremely easy to enforce. maybe if you approach it as a copyright matter (likely warez trading, possibly ftpd exploit hopes thogh) they'll take it more seriously.
My questions, has anyone else noticed this? I am almost certain others have. But more importantly, is there an easy way for me to find out all the networks that belong to wanadoo so I can just block them all rather than waiting for a connection from a host in each network? Sorry if that's a dumb question, i am kind of new to this. (many thanks to this list! i have learned alot!) Oh, and am I over reacting here? I know these probes happen all the time, but when they happen at all 20+ of our sites coming from the same network for several weeks... ?
you're certainly not alone. it can't hurt to block their access to ftp (20, 21 tcp) at the door. blocking all access may be a bit too much, imagine if you're overseas on business using a wanadoo.fr line ... your site policy should be pretty strict anyhow for non-standard communications (web, mail) ... best of luck, ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- FTP scans from wanadoo.fr Aaron Wolfe (Dec 17)
- Re: FTP scans from wanadoo.fr Paul Asadoorian (Dec 17)
- Re: FTP scans from wanadoo.fr Todd Suiter (Dec 17)
- RE: FTP scans from wanadoo.fr Rick Darsey (Dec 17)
- Re: FTP scans from wanadoo.fr Glenn Forbes Fleming Larratt (Dec 17)
- Re: FTP scans from wanadoo.fr Todd Suiter (Dec 17)
- Re: FTP scans from wanadoo.fr Todd Suiter (Dec 17)
- Re: FTP scans from wanadoo.fr Mike V (Dec 17)
- Re: FTP scans from wanadoo.fr Jose Nazario (Dec 17)
- Re: FTP scans from wanadoo.fr Sébastien Vaast (Dec 17)
- RE: FTP scans from wanadoo.fr SunTrix Com Management (Dec 17)
- Re: FTP scans from wanadoo.fr russell (Dec 17)
- Re: FTP scans from wanadoo.fr Steve (Dec 17)
- Re: FTP scans from wanadoo.fr loon (Dec 17)
- Re: FTP scans from wanadoo.fr Phil (Dec 17)
- Re: FTP scans from wanadoo.fr Replugge [Rod] (Dec 18)
- Re: FTP scans from wanadoo.fr dr john halewood (Dec 18)
- Re: FTP scans from wanadoo.fr Alexandre Pinto (Dec 18)
- Re: FTP scans from wanadoo.fr - MOre info Replugge [Rod] (Dec 18)
(Thread continues...)
- Re: FTP scans from wanadoo.fr Paul Asadoorian (Dec 17)