Re: 2300 FTP accesses from Korea

From: Russell Fulton (r.fultonat_private)
Date: Mon Jun 18 2001 - 14:35:43 PDT

Next message: Russell Fulton: "ICMP Parameter Problem packets to random addresses"

Previous message: Gregory McCann: "RE: 2300 FTP accesses from Korea"
In reply to: Gregory McCann: "2300 FTP accesses from Korea"
Next in thread: Dug Song: "Re: 2300 FTP accesses from Korea"
Next in thread: Soeren Ziehe: "Re: Huge outgoing ICMP flows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 17 Jun 2001 22:48:41 -0700 Gregory McCann <cambriaat_private> 
wrote:

> Our log files show that someone at two different Korean ip addresses 
> tried to access our ftp server (ProFTPD 1.2.0) over 2,300 times on 
> Saturday.  What's the point? 

There probably is not point.  This activity probably was not 
intentional.  We have seen incidents like this several times over the 
last few years, in several cases the machine that initiated the 
activity was a cache.  

This is most likely a result of broken software on the orginating 
system.  Hmmm... I have also seen browsers retrying for ages when 
connecting to our main ftp server when we are refusing connections 
because the load is too high.

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

Next message: Russell Fulton: "ICMP Parameter Problem packets to random addresses"
Previous message: Gregory McCann: "RE: 2300 FTP accesses from Korea"
In reply to: Gregory McCann: "2300 FTP accesses from Korea"
Next in thread: Dug Song: "Re: 2300 FTP accesses from Korea"
Next in thread: Soeren Ziehe: "Re: Huge outgoing ICMP flows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 20:14:49 PDT