Security Incidents mailing list archives
Re[2]: Identify Method
From: Joris De Donder <joris () security-downloads com>
Date: Wed, 30 May 2001 18:19:33 +0200
Wednesday, May 30, 2001, 2:18:03 PM, you wrote:

IJ> I found the same attempt was made on some of our systems. I first noticed a
IJ> scan in our firewall logs last Tuesday or Wednesday (5/22-5/23). After ftp
IJ> service was detected, a login attempt was made by anonymous with password
IJ> guest () here com. We have no need for anonymous login and our servers are
IJ> patched up to the latest security patch, so I didn't worry, just made note.
IJ> I just assumed it was someone looking for anonymous ftp servers. However,
IJ> given your information below, I'm beginning to suspect that it may be
IJ> something more malicious. Perhaps it is just a program looking for anonymous
IJ> ftp, but why try and create an *.asp file? Anyone else have some input?

They are looking for anonymous ftp servers they can use to store their warez. Basically they just scan a range with a tool like 'grimsping' (http://grimsping.cjb.net), upload a 1kb or 1Mb file to check the speed on your server and use 'space.asp' to see how much free space is left.

sincerely
Joris De Donder
http://www.Security-Downloads.Com
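The upload pattern described in the message above can be looked for in FTP transfer logs. The following is an added example, not part of the original post or thread: it assumes wu-ftpd style xferlog lines, exact probe sizes of 1024 and 1048576 bytes, and uses constructed sample log lines and addresses.

```python
# Added example: flag the anonymous-FTP probing pattern described in the thread.
# Assumptions: logs are in wu-ftpd xferlog format; the sample lines are constructed.
from collections import defaultdict

PROBE_SIZES = {1024, 1024 * 1024}   # assumed exact sizes of the "1kb or 1Mb" speed-test file
MARKER_NAMES = {"space.asp"}        # file name mentioned in the thread

SAMPLE_XFERLOG = """\
Wed May 23 03:11:02 2001 1 192.0.2.10 1024 /incoming/1kb.dat b _ i a guest@example.com ftp 0 * c
Wed May 23 03:11:09 2001 1 192.0.2.10 312 /incoming/space.asp a _ i a guest@example.com ftp 0 * c
Wed May 23 09:40:51 2001 4 198.51.100.7 88211 /pub/README b _ o a user@example.org ftp 0 * c
Wed May 23 10:02:17 2001 9 203.0.113.5 1048576 /home/alice/backup.bin b _ i r alice ftp 0 * c
"""

def parse_xferlog(line):
    """Return a dict for one xferlog line, or None if it is malformed."""
    f = line.split()
    if len(f) < 18:                 # xferlog has 18 whitespace-separated fields
        return None
    try:
        size = int(f[7])
    except ValueError:
        return None
    return {"time": " ".join(f[:5]), "host": f[6], "size": size,
            "path": f[8], "direction": f[11], "access": f[12],
            "status": f[17]}

def find_probes(log_text):
    """Map remote host -> sorted reasons, considering anonymous uploads only."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        # direction "i" = incoming (upload), access "a" = anonymous login
        if rec is None or rec["direction"] != "i" or rec["access"] != "a":
            continue
        name = rec["path"].rsplit("/", 1)[-1].lower()
        if name in MARKER_NAMES:
            hits[rec["host"]].add("marker-file:" + name)
        if rec["size"] in PROBE_SIZES:
            hits[rec["host"]].add("probe-size:%d" % rec["size"])
    return {host: sorted(reasons) for host, reasons in hits.items()}

if __name__ == "__main__":
    for host, reasons in find_probes(SAMPLE_XFERLOG).items():
        print(host, ", ".join(reasons))
```

A hit on the marker file name is the stronger signal; an exact-size match alone can also come from legitimate anonymous uploads, so treat it as a reason to review the session rather than a verdict.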