Security Incidents mailing list archives
RE: increase in ftp scanning
From: "Benninghoff, John" <John.Benninghoff () Rbcdain com>
Date: Tue, 5 Mar 2002 09:44:58 -0600
I regularly see ftp scans from t-dialin.net (Germany's major ISP) and wanadoo.fr (France) ... They're almost always looking for open ftp sites, where they can set up a mp3/warez repository. Usually they use a tool called Grim's Ping (http://grimsping.cjb.net/). I generally ignore these scans, since t-dialin and wanadoo have a reputation of totally ignoring any & all abuse reports. -----Original Message----- From: quentyn () fotango com [mailto:quentyn () fotango com] Sent: Monday, March 04, 2002 6:16 AM To: incidents () securityfocus com Subject: increase in ftp scanning Has any one else notice a huge increase in ftp scanning over the last few weeks ( esp the last 2) Normally I would expect to see 1 scan every few days, but in the last few weeks it has been several each night for example (this is from a host with no externally offered services) Mar 2 15:14:46 TCP: ftp connection attempt from pD9E55ADF.dip.t-dialin.net (217.229.90.223):1583 Mar 2 16:42:48 TCP: ftp connection attempt from 213.82.69.34:1309 Mar 2 16:42:51 TCP: ftp connection attempt from 213.82.69.34:1309 Mar 2 16:42:57 TCP: ftp connection attempt from 213.82.69.34:1309 Mar 2 16:43:09 TCP: ftp connection attempt from 213.82.69.34:1309 Mar 2 17:00:54 TCP: ftp connection attempt from D576EB25.kabel.telenet.be (213.118.235.37):1479 Mar 2 20:40:42 TCP: ftp connection attempt from 203.43.206.34:21 Mar 2 22:15:53 TCP: ftp connection attempt from www.partcenter.com (217.31.128.124):21 is this warez kiddies looking for open share or script kiddies looking for a vulnerable version of wuftp (or similar)? -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### `Naturally, a sysadmin's entire person is holy. We have the power to kill daemons.' Mike Sphar ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- increase in ftp scanning quentyn (Mar 05)
- Re: increase in ftp scanning admin (Mar 05)
- Re: increase in ftp scanning Dragos Ruiu (Mar 05)
- Re: increase in ftp scanning Baribault, Gary (Mar 05)
- <Possible follow-ups>
- RE: increase in ftp scanning Benninghoff, John (Mar 05)
- RE: increase in ftp scanning Ryan Hill (Mar 05)