Security Incidents mailing list archives

increase in ftp scanning

From: quentyn () fotango com
Date: Mon, 04 Mar 2002 12:15:34 +0000

Has any one else notice a huge increase in ftp scanning over the last
few weeks ( esp the last 2)

Normally I would expect to see 1 scan every few days, but in the last
few weeks it has been several each night

for example (this is from a host with no externally offered services)


Mar  2 15:14:46 TCP: ftp connection attempt from
pD9E55ADF.dip.t-dialin.net
(217.229.90.223):1583
Mar  2 16:42:48 TCP: ftp connection attempt from 213.82.69.34:1309
Mar  2 16:42:51 TCP: ftp connection attempt from 213.82.69.34:1309
Mar  2 16:42:57 TCP: ftp connection attempt from 213.82.69.34:1309
Mar  2 16:43:09 TCP: ftp connection attempt from 213.82.69.34:1309
Mar  2 17:00:54 TCP: ftp connection attempt from
D576EB25.kabel.telenet.be
(213.118.235.37):1479
Mar  2 20:40:42 TCP: ftp connection attempt from 203.43.206.34:21
Mar  2 22:15:53 TCP: ftp connection attempt from www.partcenter.com
(217.31.128.124):21


is this warez kiddies looking for open share or script kiddies looking
for a vulnerable version of wuftp (or similar)?

-- 
#####################
Quentyn Taylor
Sysadmin - Fotango
#####################
`Naturally, a sysadmin's entire person is holy. We have the power to
kill daemons.' 
   Mike Sphar

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

increase in ftp scanning quentyn (Mar 05)
- Re: increase in ftp scanning admin (Mar 05)
- Re: increase in ftp scanning Dragos Ruiu (Mar 05)
- Re: increase in ftp scanning Baribault, Gary (Mar 05)
- <Possible follow-ups>
- RE: increase in ftp scanning Benninghoff, John (Mar 05)
- RE: increase in ftp scanning Ryan Hill (Mar 05)