Security Incidents mailing list archives
2300 FTP accesses from Korea
From: "Gregory McCann" <cambria () owt com>
Date: Sun, 17 Jun 2001 22:48:41 -0700
Our log files show that someone at two different Korean IP addresses tried to access our FTP server (ProFTPD 1.2.0) over 2,300 times on Saturday. What's the point? Attempted denial of service maybe? There does not seem to be any damage or break-in attempts.

First, someone at 211.203.38.222 made several connections per minute for nearly four hours. Then ten hours later, someone at 211.247.56.102 did the same thing for about 25 minutes.

ftp ftpd22972 Sat Jun 16 10:07 - 10:07 (00:00) 211.203.38.222
ftp ftpd22971 Sat Jun 16 10:07 - 10:07 (00:00) 211.203.38.222
ftp ftpd22970 Sat Jun 16 10:07 - 10:07 (00:00) 211.203.38.222
etc...
ftp ftpd23704 Sat Jun 16 20:08 - 20:08 (00:00) 211.247.56.102
ftp ftpd23703 Sat Jun 16 20:08 - 20:08 (00:00) 211.247.56.102
ftp ftpd23702 Sat Jun 16 20:08 - 20:08 (00:00) 211.247.56.102
etc...

211.203.38.222 is registered to Hanaro Telecom, Inc. in Seoul. http://www.hananet.net/main.htm

I couldn't locate 211.247.56.102 because the Korean whois server is dead at the moment.

Also, looking back a little farther in the logs, I see 537 attempts from 211.203.39.147 on 6/13.

Greg
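Added example, not part of the original post: one way to tally sessions per source address from login-record lines in the format quoted above, so that bursts of zero-length FTP sessions stand out. The sample lines are constructed in the post's format; the function names, the `min_count` threshold and the `year` default (the records carry no year) are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the record format quoted in the post.
SAMPLE = """\
ftp ftpd22972 Sat Jun 16 10:07 - 10:07 (00:00) 211.203.38.222
ftp ftpd22971 Sat Jun 16 10:07 - 10:07 (00:00) 211.203.38.222
ftp ftpd22970 Sat Jun 16 10:07 - 10:07 (00:00) 211.203.38.222
etc...
ftp ftpd23704 Sat Jun 16 20:08 - 20:08 (00:00) 211.247.56.102
ftp ftpd23703 Sat Jun 16 20:08 - 20:08 (00:00) 211.247.56.102
ftp ftpd23702 Sat Jun 16 20:08 - 20:08 (00:00) 211.247.56.102
"""

# user, ftpd<pid>, weekday, month, day, start - end, (duration), source address
LINE = re.compile(
    r"^(?P<user>\S+)\s+ftpd(?P<pid>\d+)\s+\w{3}\s+(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+"
    r"(?P<start>\d{2}:\d{2})\s+-\s+(?P<end>\d{2}:\d{2})\s+\((?P<dur>[\d+:]+)\)\s+(?P<src>\S+)$"
)

def summarize(text, year=2001):
    """Group sessions by source address; lines in any other shape are skipped."""
    per_src = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['start']}", "%Y %b %d %H:%M")
        per_src[m["src"]].append((ts, m["dur"] == "00:00"))
    report = {}
    for src, rows in per_src.items():
        times = sorted(t for t, _ in rows)  # records are listed newest first
        report[src] = {
            "count": len(rows),
            "first": times[0],
            "last": times[-1],
            "zero_length": sum(1 for _, zero in rows if zero),
            "peak_per_min": max(Counter(times).values()),
        }
    return report

def repeat_offenders(report, min_count=3):
    """Sources with at least min_count sessions, every one of them zero-length."""
    return sorted(s for s, r in report.items()
                  if r["count"] >= min_count and r["zero_length"] == r["count"])

if __name__ == "__main__":
    for src, r in summarize(SAMPLE).items():
        print(src, r["count"], r["first"], r["last"], r["peak_per_min"])
```

On a full log, comparing `first`, `last` and `peak_per_min` per source gives the duration and rate figures the post describes by hand.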