Wednesday, May 30, 2001, 2:18:03 PM, you wrote: IJ> I found the same attempt was made on some of our systems. I first noticed a IJ> scan IJ> in our firewall logs last Tuesday or Wednesday (5/22-5/23). After ftp IJ> service was detected, a login attempt was made by anonymous with password IJ> guestat_private We have no need for anonymous login and our servers are IJ> patched up to the latest security patch, so I didn't worry, just made note. IJ> I just assumed it was someone looking for anonymous ftp servers. However, IJ> given your information below, I beginning to suspect that it may be IJ> something more malicious. Perhaps it is just a program looking for anonymous IJ> ftp, but why try and created an *.asp file? Anyone else have some input? They are looking for anonymous ftp servers they can use to store their warez. Basically they just scan a range with a tool like 'grimsping' (http://grimsping.cjb.net), upload a 1kb or 1Mb file to check the speed on your server and use 'space.asp' to see how much free space is left. sincerely Joris De Donder http://www.Security-Downloads.Com
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 17:21:58 PDT