Security Incidents mailing list archives

Re: Strange FTP traffic...

From: Helmut Springer <delta () FAVEVE UNI-STUTTGART DE>
Date: Fri, 29 Sep 2000 09:07:57 +0200

On Thu 2000-09-28 (15:33), Sean Sosik-Hamor wrote:

getting around to remember to post it.  ;)  Is anyone familiar with
this scan?  Just looks like a check for a world writable incoming.  I

someone looking for a site to store lateron retrieveable data, warez
for example.

need to clear out the WaReZ puppies and VCD couriers every once in a
while on this server, is this how they're finding me?


if you ftpd is misconfigured your incoming will allow upload and
download of files, maybe even the creation of 'hidden' directories.
if this is the case, as the log shows, you'll face a wonderful
increase of traffic...

any reasonable ftpd for anonymous uploads will support such things
as blocking directory creation, enforcing reasonable filenames,
chown/chmod files to local administrators and so on..

--
MfG/best regards, helmut springer
                                            delta () FaVeVe Uni-Stuttgart DE
        
                   "Freedom's just another word for nothing left to lose"

Current thread:

Strange FTP traffic... Sean Sosik-Hamor (Sep 28)
- Re: Strange FTP traffic... Helmut Springer (Sep 29)
- <Possible follow-ups>
- Re: Strange FTP traffic... Abe Getchell (Sep 29)