Security Incidents mailing list archives
RE: ano () ano com ftpd dip.t-dialin.net
From: "Bojan Zdrnja" <Bojan.Zdrnja () FER hr>
Date: Fri, 8 Nov 2002 08:42:49 +0100
-----Original Message-----
From: Moo [mailto:fras () nbnet nb ca]
Sent: 6 November 2002 22:44
To: Owen McCusker; incidents () securityfocus com
Subject: Re: ano () ano com ftpd dip.t-dialin.net

On November 6, 2002 09:50 pm, Owen McCusker wrote:

well they could be doing speed tests on your site to see if they want to use it as PUB distro for warez.
I think you are (partially :) right. This is probably some automated tool which scans available anonymous ftp servers and uploads a file to it. As far as I can see, they usually use a 1000000-byte file to do a speed test, at least that was the case on servers I manage.

In this case I believe they are looking only for "open" anonymous ftp servers as (in this case) they transfer only small files which are not enough to test speed, and from dial-up/DSL lines. Speed testing is usually done to some other server (which they already found) which is on a fast line.

I get loads of anonymous ftp connects on my ftp server, although anonymous login is forbidden. Logs are like this one:

Nov 8 08:06:52 my_server proftpd[10693]: my_server (213-140-20-183.fastres.net[213.140.20.183]) - FTP session opened.
Nov 8 08:06:52 my_server proftpd[10693]: my_server (213-140-20-183.fastres.net[213.140.20.183]) - no such user 'anonymous'
Nov 8 08:06:52 my_server proftpd[10693]: my_server (213-140-20-183.fastres.net[213.140.20.183]) - FTP session closed.

I'd recommend closing anonymous logins (unless you *really* need it) and using tcp wrappers on the ftp server to deny connections.

Best regards,

Bojan Zdrnja

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com