Security Incidents mailing list archives

ftp directory scan


From: harston <harston () poczta fm>
Date: Mon, 8 Jul 2002 15:17:58 +0200

About one week ago I started to watch these strange 'directory scans'.
I wonder whether it can be only some script which searches for something
on FTP, or some worm (look at the ninth line of the log).

pb211.wieliczka.sdi.tpnet.pl UNKNOWN nobody [07/Jul/2002:00:52:17 +0200] "USER anonymous" 331 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "PASS Wgpuser () home com" 230 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /pub/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /public/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /pub/incoming/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /incoming/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /_vti_pvt/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /" 250 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "MKD 020707005736p" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /upload/" 550 -  

--
[harston][Another Linux User #221813]
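
An added example, not part of the original post: one way to flag the pattern in the log above (a run of rejected CWD commands plus a directory-creation attempt from one host) in logs of the same layout. The sample lines, host names, the function name find_directory_probes, the list of write commands and the threshold of three rejected CWDs are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same access-log layout as the post above
# (host, ident, user, [timestamp], "command", reply code, bytes).
SAMPLE_LOG = '''\
scanner.example.net UNKNOWN nobody [07/Jul/2002:00:52:17 +0200] "USER anonymous" 331 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "PASS probe@example.com" 230 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /pub/" 550 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /incoming/" 550 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /_vti_pvt/" 550 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /" 250 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "MKD 020707005219p" 550 -
mirror.example.org UNKNOWN ftp [07/Jul/2002:01:10:02 +0200] "CWD /pub/" 250 -
mirror.example.org UNKNOWN ftp [07/Jul/2002:01:10:05 +0200] "RETR /pub/README" 226 1432
'''

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>[A-Za-z]+)(?: (?P<arg>[^"]*))?" (?P<code>\d{3}) \S+\s*$'
)
WRITE_VERBS = {"MKD", "XMKD", "STOR", "STOU", "APPE"}  # assumed watch list

def find_directory_probes(log_text, min_failed_cwd=3):
    """Return {host: summary} for hosts whose activity looks like a
    writable-directory probe: several rejected CWDs plus a write attempt."""
    stats = defaultdict(lambda: {"failed_cwd": [], "write_attempts": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or unparseable lines rather than guessing
        verb, code = m["verb"].upper(), int(m["code"])
        entry = stats[m["host"]]
        if verb == "CWD" and code >= 500:
            entry["failed_cwd"].append(m["arg"])
        elif verb in WRITE_VERBS:
            # Record the write attempt whether or not the server allowed it.
            entry["write_attempts"].append((verb, m["arg"], code))
    return {
        host: e for host, e in stats.items()
        if len(e["failed_cwd"]) >= min_failed_cwd and e["write_attempts"]
    }

if __name__ == "__main__":
    for host, e in find_directory_probes(SAMPLE_LOG).items():
        print(host, "failed CWD:", e["failed_cwd"], "writes:", e["write_attempts"])
```

A write attempt that returns a 2xx reply code in the summary means the anonymous account can create or upload files and is worth checking first.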

