Security Incidents mailing list archives
Re: FTP scans from wanadoo.fr
From: "Alexandre Pinto" <alexcp () ciphertech com br>
Date: Tue, 18 Dec 2001 16:36:43 -0200
the anonymous login password: frequently [A-Z]gpuser () home com
an attempt to cd to some directories: /ftproot, /wwwroot, /_vti_bin, /_vti_cnf, /cgi-bin, amongst others: the pattern varies, but all requests take place within a second, so it's definitely scripted.
This is followed by an attempt to create a number of directories with a name such as 011203022432p, where the first 6 digits are YYMMDD.
Anyone recognise the tool?
That must be Grim's Ping (http://grimsping.cjb.net/). There was a discussion about attacks generated by this tool recently on other SecurityFocus lists (not sure if it was Vuln-Dev or Pen-Test).

Cheers,
Alexcp
--
Alexandre Correia Pinto
Product Development
Cipher Technology
http://www.ciphertech.com.br
_____
"IT Security - a Cipher Technology specialty"

----- Original Message -----
From: "dr john halewood" <john () frumious unidec co uk>
To: <aaron () aaronwolfe com>; <incidents () securityfocus com>
Sent: Tuesday, December 18, 2001 8:49 AM
Subject: Re: FTP scans from wanadoo.fr
There's a distinct pattern to these scans from wanadoo. Looking through some logs (I allow anonymous login but with read-only access on one box), I've noticed the following:

Cheers
john

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
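The scan signature described in this thread, written as a log check. This is an added example, not part of the original messages and not code from any tool named in them. It assumes a simplified log format of `date time client-ip command argument`, that the archive's ` () ` stands for `@` in the password, and that the created directory names are six date digits followed by more digits and an optional letter; `score_sessions`, `is_dated_name` and the sample addresses are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Indicators from the thread; the regexes that generalise them are assumptions.
PASS_RE = re.compile(r"^[A-Z]gpuser@home\.com$")  # archive prints "@" as " () "
PROBE_DIRS = {"/ftproot", "/wwwroot", "/_vti_bin", "/_vti_cnf", "/cgi-bin"}
MKD_RE = re.compile(r"^(\d{6})\d+[a-z]?$")        # e.g. 011203022432p

def is_dated_name(name):
    """True if the name starts with six digits that form a valid YYMMDD date."""
    m = MKD_RE.match(name.rsplit("/", 1)[-1])
    try:
        return bool(m) and bool(datetime.strptime(m.group(1), "%y%m%d"))
    except ValueError:
        return False

def score_sessions(lines, burst_seconds=1.0, min_probes=3):
    """Return {client_ip: [indicators hit]} for clients matching the pattern."""
    hits, probes = defaultdict(set), defaultdict(list)
    for line in lines:
        parts = line.split(None, 4)
        if len(parts) < 5:          # command without an argument, e.g. QUIT
            continue
        date, clock, ip, cmd, arg = parts
        if cmd == "PASS" and PASS_RE.match(arg):
            hits[ip].add("password")
        elif cmd == "CWD" and arg.rstrip("/").lower() in PROBE_DIRS:
            hits[ip].add("cwd-probe")
            probes[ip].append(datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S.%f"))
        elif cmd == "MKD" and is_dated_name(arg):
            hits[ip].add("dated-mkd")
    for ip, t in probes.items():
        # The thread notes all requests land within a second: flag tight bursts.
        if len(t) >= min_probes and (max(t) - min(t)).total_seconds() <= burst_seconds:
            hits[ip].add("burst")
    return {ip: sorted(h) for ip, h in hits.items()}

# Constructed sample log (not from the thread): date time client-ip command argument
SAMPLE = """\
2001-12-03 02:24:31.150 192.0.2.10 PASS Kgpuser@home.com
2001-12-03 02:24:31.300 192.0.2.10 CWD /ftproot
2001-12-03 02:24:31.400 192.0.2.10 CWD /wwwroot
2001-12-03 02:24:31.500 192.0.2.10 CWD /_vti_bin
2001-12-03 02:24:31.900 192.0.2.10 MKD 011203022432p
2001-12-03 09:00:00.000 198.51.100.7 PASS user@example.org
2001-12-03 09:00:05.000 198.51.100.7 CWD /pub
2001-12-03 09:01:10.000 198.51.100.7 MKD uploads
""".splitlines()
```

A client that hits several indicators at once is a far stronger match than any single one, since a dated directory name or a `/cgi-bin` lookup can occur in ordinary use.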