Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange FTP traffic...

From: Rik van Riel <riel () CONECTIVA COM BR>
Date: Sat, 30 Sep 2000 16:05:56 -0300
On Thu, 28 Sep 2000, Sean Sosik-Hamor wrote:


I had some strange FTP traffic a week or two ago and I'm just
now getting around to remember to post it.  ;)  Is anyone
familiar with this scan?  Just looks like a check for a world
writable incoming.  I need to clear out the WaReZ puppies and
VCD couriers every once in a while on this server, is this how
they're finding me?


Some months ago on NL.linux.org I used to have trouble with
this too.

The solution was to rate-limit /incoming to 3kB/second and
put a README.WAREZ file there warning them of the fact that
the directory is rate-limited and completely unsuitable for
bulk transfers.

They haven't bothered since ;)

[well, the first evening I had some fun watching a kiddie
upload a file at 90kB/second, after which his friends couldn't
download it before growing old ... but after that they were gone]

regards,

Rik
--
"What you're running that piece of shit Gnome?!?!"
       -- Miguel de Icaza, UKUUG 2000

http://www.conectiva.com/               http://www.surriel.com/
Previous By Date Next
Previous By Thread Next

Current thread: