On Sun, Jun 17, 2001 at 10:48:41PM -0700, Gregory McCann wrote: > Our log files show that someone at two different Korean ip addresses > tried to access our ftp server (ProFTPD 1.2.0) over 2,300 times on > Saturday. What's the point? Attempted denial of service maybe? check your logs to see if these were all attempted logins to a single account. might be a simple FTP brute forcer, like ADMftpforce. also, keep in mind that Korea has over *4 million* ADSL subscribers - compare this to, say, Japan, with only about 40,000 subscribers, and you'll understand why it's sometimes extremely difficult to find the right person to follow up on an incident originating from there. your best bet is probably to contact the CERTCC-KR, as noted here before: http://www.certcc.or.kr/certcc/cert-2.htm further background on what may be the most wired (and wireless) country on the planet, per capita: http://www.brinjal.com/madan/korea.htm -d. --- http://www.monkey.org/~dugsong/
This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 20:25:32 PDT