Security Incidents mailing list archives
Re: ProFTPD Scan?
From: Rik van Riel <riel () CONECTIVA COM BR>
Date: Tue, 20 Mar 2001 15:11:57 -0300
On Tue, 13 Mar 2001, Steven J. Hill wrote:
Mar 12 15:32:13 trinity proftpd[19148]: trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login failed): Can't find user. Can anyone provide insight?You bet I can. This person is a warez script kiddie. I _USED_ to have a world writeable upload directory for my colaborative work and a kiddie from this exact domain uploaded 350MB to my site of warez.
That's ok, as long as you make sure they cannot *DOWNLOAD* the thing again ... at least, not at a speed which makes the download finish before the world ends ;) A lot of ftp daemons have the option to limit the download speed of /incoming to something low enough to make the distribution of warez impossible (but still good enough to fetch single updated sourcecode files). See ftp://ftp.nl.linux.org/incoming/README.warez ;) (bandwidth limited to 2kB/s) regards, Rik -- Virtual memory is like a game you can't win; However, without VM there's truly nothing to lose... http://www.surriel.com/ http://www.conectiva.com/ http://distro.conectiva.com.br/
Current thread:
- ProFTPD Scan? Kurth Bemis (Mar 12)
- Re: ProFTPD Scan? Janek Shein (Mar 12)
- Re: ProFTPD Scan? X (Mar 12)
- Re: ProFTPD Scan? Jose Nazario (Mar 12)
- Re: ProFTPD Scan? Steven J. Hill (Mar 13)
- Re: ProFTPD Scan? Kurth Bemis (Mar 14)
- Re: ProFTPD Scan? Rik van Riel (Mar 20)
- Re: ProFTPD Scan? Mike Stilson (Mar 14)
- <Possible follow-ups>
- Re: ProFTPD Scan? Guillaume.COURTOIS (Mar 15)