Security Incidents mailing list archives

Re: ProFTPD Scan?


From: "Steven J. Hill" <sjhill () cotw com>
Date: Tue, 13 Mar 2001 09:32:38 -0600

Kurth Bemis wrote:

I found these in today's logs - notice the times "15:32:13"  that's four hits
at the same time, and then two at a different time.  Looks like a DoS
attempt too (although I've been known to have been wrong).

In today's logs.

Mar 12 15:30:28 trinity proftpd[19132]: trinity
(AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:32:13 trinity proftpd[19147]: trinity
(AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:32:13 trinity proftpd[19148]: trinity
(AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:30:28 trinity proftpd[19132]: trinity
(AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:32:13 trinity proftpd[19147]: trinity
(AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:32:13 trinity proftpd[19148]: trinity
(AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
failed): Can't find user.

Can anyone provide insight?

You bet I can. This person is a warez script kiddie. I _USED_ to have a
world writeable upload directory for my collaborative work and a kiddie
from this exact domain uploaded 350MB to my site of warez. I still have
the logs from this one. I emailed the sysadmins at this domain and never
heard back from them. They apparently have not done shit about it. This
kiddie was trying to find a world writeable directory.

-Steve

--
 Steven J. Hill - Embedded SW Engineer
 Public Key: 'http://www.cotw.com/pubkey.txt'
 FPR1: E124 6E1C AF8E 7802 A815
 FPR2: 7D72 829C 3386 4C4A E17D
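
For triaging entries like the ones quoted in this thread, the added example below (not part of either poster's message) rejoins the wrapped syslog lines and reports sources with several failed USER attempts in the same second. It assumes each proftpd PID is one session, so a line that appears twice is counted once; the sample log, hostnames and addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the entries quoted in the thread, with the
# same three-line wrapping. Hostnames and 192.0.2.x/198.51.100.x addresses are
# documentation placeholders, not values from the thread.
SAMPLE = """\
Mar 12 15:30:28 ftphost proftpd[19132]: ftphost
(client.example[192.0.2.10]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:32:13 ftphost proftpd[19147]: ftphost
(client.example[192.0.2.10]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:32:13 ftphost proftpd[19148]: ftphost
(client.example[192.0.2.10]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:32:13 ftphost proftpd[19147]: ftphost
(client.example[192.0.2.10]) - USER ftp (Login
failed): Can't find user.
Mar 12 15:40:02 ftphost proftpd[19201]: ftphost
(other.example[198.51.100.7]) - USER anonymous (Login
failed): Can't find user.
"""

STAMP = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(
    r"(?P<ts>\w{3} [ \d]\d [\d:]{8}) \S+ proftpd\[(?P<pid>\d+)\]: .*?"
    r"\[(?P<ip>[\d.]+)\]\) - USER (?P<user>\S+) \(Login failed\)")

def unwrap(text):
    """Rejoin wrapped entries: only a syslog timestamp starts a new entry."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def bursts(text, threshold=2):
    """Map (ip, user, second) -> distinct session count, keeping counts >= threshold."""
    pids = defaultdict(set)
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        pids[(m["ip"], m["user"], m["ts"])].add(m["pid"])  # a set ignores repeated lines
    return {k: len(v) for k, v in pids.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (ip, user, ts), n in bursts(SAMPLE).items():
        print(f"{ts} {ip}: {n} failed 'USER {user}' sessions in one second")
```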

