Security Incidents mailing list archives

Re: ProFTPD Scan?

From: Rik van Riel <riel () CONECTIVA COM BR>
Date: Tue, 20 Mar 2001 15:11:57 -0300

On Tue, 13 Mar 2001, Steven J. Hill wrote:

Mar 12 15:32:13 trinity proftpd[19148]: trinity
(AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
failed): Can't find user.

Can anyone provide insight?


You bet I can. This person is a warez script kiddie. I _USED_ to have
a world writeable upload directory for my colaborative work and a
kiddie from this exact domain uploaded 350MB to my site of warez.


That's ok, as long as you make sure they cannot *DOWNLOAD*
the thing again ... at least, not at a speed which makes the
download finish before the world ends ;)

A lot of ftp daemons have the option to limit the download
speed of /incoming to something low enough to make the
distribution of warez impossible (but still good enough to
fetch single updated sourcecode files).

See ftp://ftp.nl.linux.org/incoming/README.warez  ;)

(bandwidth limited to 2kB/s)

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

                http://www.surriel.com/
http://www.conectiva.com/       http://distro.conectiva.com.br/

Current thread:

ProFTPD Scan? Kurth Bemis (Mar 12)
- Re: ProFTPD Scan? Janek Shein (Mar 12)
- Re: ProFTPD Scan? X (Mar 12)
- Re: ProFTPD Scan? Jose Nazario (Mar 12)
- Re: ProFTPD Scan? Steven J. Hill (Mar 13)
  - Re: ProFTPD Scan? Kurth Bemis (Mar 14)
  - Re: ProFTPD Scan? Rik van Riel (Mar 20)
- Re: ProFTPD Scan? Mike Stilson (Mar 14)
- <Possible follow-ups>
- Re: ProFTPD Scan? Guillaume.COURTOIS (Mar 15)