Its not a tool but rather a few test files that the "warez dude" uploaded probably from various location to test the connectivity between your FTP and others. Gavin Reid > -----Original Message----- > From: Incidents Mailing List > [mailto:INCIDENTSat_private] On Behalf Of James W. Abendschan > Sent: Tuesday, April 24, 2001 1:00 PM > To: INCIDENTSat_private > Subject: 'FrogEater' > > > This is not a security incident as much as it's fingerprints > of warez d00d activity, but I was curious if anyone else has > seen this tool. > > I found the following directories in the FTP root of an NT box: > > 03-31-01 01:05AM <DIR> > 04-08-01 12:34PM <DIR> .tmp > > 03-31-01 12:33AM <DIR> .FrogEater > 03-26-01 05:16AM 1000000 1 Mo > 01-02-01 12:05AM 1000000 1.mb.zip > 03-30-01 10:26PM 1000000 1000k > 03-30-01 11:22PM 1000000 1MB.Test > 03-26-01 05:17AM <DIR> FrogEater > 04-08-01 12:34PM <DIR> TAGGED FrogE > > This looks much like the result of an automated tool that > checks for anonymous / world-writable FTP directories. I > assume the 1000000 byte files are attempts to figure out the > link speed and / or > disk quotas .. ? The '.tmp' directory is actually named '.tmp '. > > A google search only turned up one useful link, which is in > turn a link to another "frogeaten" site. > http://www.google.com/search?q=cache:kotisivu.raketti.net/jari77v/index4 .htm+frogeater&hl=en James
This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 09:21:24 PDT