Security Incidents mailing list archives
Re: 2300 FTP accesses from Korea
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Tue, 19 Jun 2001 09:35:43 +1200 (NZST)
On Sun, 17 Jun 2001 22:48:41 -0700 Gregory McCann <cambria () owt com> wrote:
Our log files show that someone at two different Korean ip addresses tried to access our ftp server (ProFTPD 1.2.0) over 2,300 times on Saturday. What's the point?
There probably is not point. This activity probably was not intentional. We have seen incidents like this several times over the last few years, in several cases the machine that initiated the activity was a cache. This is most likely a result of broken software on the orginating system. Hmmm... I have also seen browsers retrying for ages when connecting to our main ftp server when we are refusing connections because the load is too high. Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand
Current thread:
- Huge outgoing ICMP flows Vangelis Haniotakis (Jun 13)
- Re: Huge outgoing ICMP flows Trevor (Jun 13)
- Re: Huge outgoing ICMP flows Chris Ess (Jun 14)
- Re: Huge outgoing ICMP flows Bryan Andersen (Jun 15)
- Re: Huge outgoing ICMP flows Kurt Seifried (Jun 17)
- 2300 FTP accesses from Korea Gregory McCann (Jun 18)
- Re: 2300 FTP accesses from Korea ecofsky (Jun 18)
- Re: 2300 FTP accesses from Korea Derek Kwan (Jun 18)
- Re: 2300 FTP accesses from Korea Russell Fulton (Jun 18)
- Re: 2300 FTP accesses from Korea Dug Song (Jun 18)
- Re: Huge outgoing ICMP flows Bryan Andersen (Jun 15)
- Re: Huge outgoing ICMP flows Gary Maltzen (Jun 19)
- <Possible follow-ups>
- Re: Huge outgoing ICMP flows Robert G. Ferrell (Jun 15)