Re: FTP back in Vogue?

["Nathan W. Labadie" <ab0781 () wayne edu>]

Same here. We've got snort watching two /16's, and there has been a 
substantial increase in both ftp vulnerability scans and searches for 
"open" ftp servers (ie, default IIS... anonymous w/ write permissions).

On Wednesday 13 March 2002 02:59 pm, leon wrote:
> Hi everyone,
>
> Just curious if there is something going on with ftp.  Seem to be
> getting scanned quite a bit for it (all different networks).  Not
> sure if the ips are static or dynamic.  This is a machine running
> zonelarm on it.  Haven't seen this many probes in a short time since
> the wu-ftpd vuln.
>
> The firewall has blocked Internet access to your computer (FTP) from
> 24.190.34.140 (FTP) [TCP Flags: S].
>
> Time: 3/13/2002 11:50:02 AM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 195.55.99.89 (TCP Port 3178) [TCP Flags: S].
>
> Time: 3/13/2002 1:31:58 PM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 80.133.117.45 (TCP Port 3650) [TCP Flags: S].
>
> Time: 3/13/2002 2:55:36 PM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 63.133.117.45 (TCP Port 2792) [TCP Flags: S].
>
> Time: 3/13/2002 2:58:42 PM
>
> Regards,
>
> Leon
>
>
>
> ---------------------------------------------------------------------
> ------- This list is provided by the SecurityFocus ARIS analyzer
> service. For more information on this free incident handling,
> management and tracking system please see:
> http://aris.securityfocus.com

-- 
Nathan W. Labadie       | ab0781 () wayne edu   
Sr. Security Specialist | 313/577.2126
Wayne State University  | 313/577.1338 fax
C&IT Information Security Office: http://security.wayne.edu


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com