Security Incidents mailing list archives
Re: What's the tool?
From: Greg Owen <gowen () DIGITALGOODS COM>
Date: Tue, 20 Mar 2001 17:49:52 -0500
I've been seeing a number of, apparently, automated scans for FTP. When an FTP site is found, the tool logs on anonymously and attempts to create a directory in a couple of different places. If unsuccessful, it logs off. The directory it tries to create is named for the date/time of the probe, i.e. 010320101054p for March 20, 2001, 10:10:54pm.
...
Does anyone know what this tool is?
I think that may be Grim's Ping: http://grimsping.cjb.net/index.htm I get scans from those people all the time. I ended up writing a script to monitor the FTP log and to drop anybody tooling the site into the firewall deny list just so that I wouldn't have to clean up after them. And yes, most of them are european: DENY 213.51.164.222 DENY a213-84-22-28.adsl.xs4all.nl DENY AMontpellier-201-1-2-178.abo.wanadoo.fr DENY baits-210-13.reshall.umich.edu DENY c126114.upc-c.chello.nl DENY campusb1184nuts.unimaas.nl DENY cr951252-a.ym1.on.wave.home.com DENY d119237.upc-d.chello.nl DENY D5E0556A.kabel.telenet.be DENY d83b3212.dsl.flashcom.net DENY e166159.upc-e.chello.nl DENY e168164.upc-e.chello.nl DENY gosax1-094.dialup.optusnet.com.au DENY ipd54b25b8.free.wxs.nl DENY p3E9BB6CD.dip.t-dialin.net DENY p3E9E815F.dip.t-dialin.net DENY qn-212-127-131-191.quicknet.nl DENY qn-212-127-136-178.quicknet.nl DENY sdcax47-082.dialup.optusnet.com.au DENY w250.z064000179.dfw-tx.dsl.cnc.net -- gowen -- Greg Owen -- gowen () DigitalGoods com SoftLock.com is now DigitalGoods!
Current thread:
- What's the tool? Sean Brown (Mar 20)
- Re: What's the tool? Krister (Mar 20)
- Re: What's the tool? H C (Mar 20)
- <Possible follow-ups>
- Re: What's the tool? gattaca (Mar 21)
- Re: What's the tool? Greg Owen (Mar 21)