Security Incidents mailing list archives
Re: FTP back in Vogue?
From: "switched" <switched () q-east net>
Date: Wed, 13 Mar 2002 14:49:00 -0600
I think it's the new script kids trying to catch up to the rest of the world. I've seen 2 compromised machines in the last few days via wu-ftp. And once the attackers compromised the machine they installed tools which scanned for more vulnerable ftp servers... no rootkit, and barely tried to hide their tracks. But overrall on my personal server I have seen a sharp decrease in ftp traffic as opposed to several months ago. It is sometimes amazing how long a server can go and still have a vulnerable services. But in other news I have seen a sharp increase in overall probing/scanning activity from 80.0.0.0/8. ----- Original Message ----- From: "leon" <leon () inyc com> To: <incidents () securityfocus com> Sent: Wednesday, March 13, 2002 1:59 PM Subject: FTP back in Vogue?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, Just curious if there is something going on with ftp. Seem to be getting scanned quite a bit for it (all different networks). Not sure if the ips are static or dynamic. This is a machine running zonelarm on it. Haven't seen this many probes in a short time since the wu-ftpd vuln. The firewall has blocked Internet access to your computer (FTP) from 24.190.34.140 (FTP) [TCP Flags: S]. Time: 3/13/2002 11:50:02 AM The firewall has blocked Internet access to your computer (FTP) from 195.55.99.89 (TCP Port 3178) [TCP Flags: S]. Time: 3/13/2002 1:31:58 PM The firewall has blocked Internet access to your computer (FTP) from 80.133.117.45 (TCP Port 3650) [TCP Flags: S]. Time: 3/13/2002 2:55:36 PM The firewall has blocked Internet access to your computer (FTP) from 63.133.117.45 (TCP Port 2792) [TCP Flags: S]. Time: 3/13/2002 2:58:42 PM Regards, Leon -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPI+vodqAgf0xoaEuEQIFuwCbBmcw88WnPPeVGjcRnqTpbD1XazQAoIg+ D5ZDMeQaP3bDLkFhc34yb1Cs =POEh -----END PGP SIGNATURE----- --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- FTP back in Vogue? leon (Mar 13)
- Re: FTP back in Vogue? Nathan W. Labadie (Mar 13)
- Re: FTP back in Vogue? switched (Mar 13)
- RE: FTP back in Vogue? John Rodley (Mar 14)