Security Incidents mailing list archives
Re: ProFTPD Scan?
From: Kurth Bemis <kurth () USAEXPRESS NET>
Date: Wed, 14 Mar 2001 00:49:08 -0500
At 10:32 AM 3/13/2001, Steven J. Hill wrote: I'd like to thank all the persons that responded to my post regarding ProFTPd Scan. It was very reassuring to have many knowledgeable people put my worries to rest. Thank you ~kurth
Kurth Bemis wrote: > > I found these in todays logs - notice the times "15:32:13" thats four hits > at the same time. and then two at a different time. Looks like a DoS > attempt to (although i've been known to have been wrong). > > In today's logs. > > Mar 12 15:30:28 trinity proftpd[19132]: trinity > (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login > failed): Can't find user. > Mar 12 15:32:13 trinity proftpd[19147]: trinity > (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login > failed): Can't find user. > Mar 12 15:32:13 trinity proftpd[19148]: trinity > (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login > failed): Can't find user. > Mar 12 15:30:28 trinity proftpd[19132]: trinity > (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login > failed): Can't find user. > Mar 12 15:32:13 trinity proftpd[19147]: trinity > (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login > failed): Can't find user. > Mar 12 15:32:13 trinity proftpd[19148]: trinity > (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login > failed): Can't find user. > > Can anyone provide insight? > You bet I can. This person is a warez script kiddie. I _USED_ to have a world writeable upload directory for my colaborative work and a kiddie from this exact domain uploaded 350MB to my site of warez. I still have the logs from this one. I emailed the sysadmins at this domain and never heard back from them. They apparently have not done shit about it. This kiddie was trying to find a word writeable directory. -Steve -- Steven J. Hill - Embedded SW Engineer Public Key: 'http://www.cotw.com/pubkey.txt' FPR1: E124 6E1C AF8E 7802 A815 FPR2: 7D72 829C 3386 4C4A E17D
Current thread:
- ProFTPD Scan? Kurth Bemis (Mar 12)
- Re: ProFTPD Scan? Janek Shein (Mar 12)
- Re: ProFTPD Scan? X (Mar 12)
- Re: ProFTPD Scan? Jose Nazario (Mar 12)
- Re: ProFTPD Scan? Steven J. Hill (Mar 13)
- Re: ProFTPD Scan? Kurth Bemis (Mar 14)
- Re: ProFTPD Scan? Rik van Riel (Mar 20)
- Re: ProFTPD Scan? Mike Stilson (Mar 14)
- <Possible follow-ups>
- Re: ProFTPD Scan? Guillaume.COURTOIS (Mar 15)