Security Incidents mailing list archives
increase in ftp scanning
From: quentyn () fotango com
Date: Mon, 04 Mar 2002 12:15:34 +0000
Has any one else notice a huge increase in ftp scanning over the last few weeks ( esp the last 2) Normally I would expect to see 1 scan every few days, but in the last few weeks it has been several each night for example (this is from a host with no externally offered services) Mar 2 15:14:46 TCP: ftp connection attempt from pD9E55ADF.dip.t-dialin.net (217.229.90.223):1583 Mar 2 16:42:48 TCP: ftp connection attempt from 213.82.69.34:1309 Mar 2 16:42:51 TCP: ftp connection attempt from 213.82.69.34:1309 Mar 2 16:42:57 TCP: ftp connection attempt from 213.82.69.34:1309 Mar 2 16:43:09 TCP: ftp connection attempt from 213.82.69.34:1309 Mar 2 17:00:54 TCP: ftp connection attempt from D576EB25.kabel.telenet.be (213.118.235.37):1479 Mar 2 20:40:42 TCP: ftp connection attempt from 203.43.206.34:21 Mar 2 22:15:53 TCP: ftp connection attempt from www.partcenter.com (217.31.128.124):21 is this warez kiddies looking for open share or script kiddies looking for a vulnerable version of wuftp (or similar)? -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### `Naturally, a sysadmin's entire person is holy. We have the power to kill daemons.' Mike Sphar ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- increase in ftp scanning quentyn (Mar 05)
- Re: increase in ftp scanning admin (Mar 05)
- Re: increase in ftp scanning Dragos Ruiu (Mar 05)
- Re: increase in ftp scanning Baribault, Gary (Mar 05)
- <Possible follow-ups>
- RE: increase in ftp scanning Benninghoff, John (Mar 05)
- RE: increase in ftp scanning Ryan Hill (Mar 05)