Security Incidents mailing list archives
Re: Strange FTP traffic...
From: Rik van Riel <riel () CONECTIVA COM BR>
Date: Sat, 30 Sep 2000 16:05:56 -0300
On Thu, 28 Sep 2000, Sean Sosik-Hamor wrote:
I had some strange FTP traffic a week or two ago and I'm just now getting around to remember to post it. ;) Is anyone familiar with this scan? Just looks like a check for a world writable incoming. I need to clear out the WaReZ puppies and VCD couriers every once in a while on this server, is this how they're finding me?
Some months ago on NL.linux.org I used to have trouble with this too. The solution was to rate-limit /incoming to 3kB/second and put a README.WAREZ file there warning them of the fact that the directory is rate-limited and completely unsuitable for bulk transfers. They haven't bothered since ;) [well, the first evening I had some fun watching a kiddie upload a file at 90kB/second, after which his friends couldn't download it before growing old ... but after that they were gone] regards, Rik -- "What you're running that piece of shit Gnome?!?!" -- Miguel de Icaza, UKUUG 2000 http://www.conectiva.com/ http://www.surriel.com/
Current thread:
- Re: Strange FTP traffic... Rik van Riel (Sep 30)
- Re: Strange FTP traffic... Pluto (Oct 10)
- <Possible follow-ups>
- Re: Strange FTP traffic... Erik Tayler (Sep 30)