Security Incidents mailing list archives

Re: FTP back in Vogue?


From: "switched" <switched () q-east net>
Date: Wed, 13 Mar 2002 14:49:00 -0600

I think it's the new script kids trying to catch up to the rest of the
world.  I've seen 2 compromised machines in the last few days via wu-ftp.
And once the attackers compromised the machine they installed tools which
scanned for more vulnerable ftp servers... no rootkit, and barely tried to
hide their tracks.  But overall on my personal server I have seen a sharp
decrease in ftp traffic as opposed to several months ago.  It is sometimes
amazing how long a server can go and still have a vulnerable service.  But
in other news I have seen a sharp increase in overall probing/scanning
activity from 80.0.0.0/8.

----- Original Message -----
From: "leon" <leon () inyc com>
To: <incidents () securityfocus com>
Sent: Wednesday, March 13, 2002 1:59 PM
Subject: FTP back in Vogue?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

Just curious if there is something going on with ftp.  Seem to be
getting scanned quite a bit for it (all different networks).  Not
sure if the IPs are static or dynamic.  This is a machine running
ZoneAlarm on it.  Haven't seen this many probes in a short time since
the wu-ftpd vuln.

The firewall has blocked Internet access to your computer (FTP) from
24.190.34.140 (FTP) [TCP Flags: S].

Time: 3/13/2002 11:50:02 AM

The firewall has blocked Internet access to your computer (FTP) from
195.55.99.89 (TCP Port 3178) [TCP Flags: S].

Time: 3/13/2002 1:31:58 PM

The firewall has blocked Internet access to your computer (FTP) from
80.133.117.45 (TCP Port 3650) [TCP Flags: S].

Time: 3/13/2002 2:55:36 PM

The firewall has blocked Internet access to your computer (FTP) from
63.133.117.45 (TCP Port 2792) [TCP Flags: S].

Time: 3/13/2002 2:58:42 PM

Regards,

Leon

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPI+vodqAgf0xoaEuEQIFuwCbBmcw88WnPPeVGjcRnqTpbD1XazQAoIg+
D5ZDMeQaP3bDLkFhc34yb1Cs
=POEh
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




