I havent seen anything about this but in the past week Ive seen a lot more scripted ftp site scanning, much of it from boxes that have previously probed with nimda (malicious remote control?) sample log follows. for the record the anon ftp server here doesnt allow upload so this is just an annoyance. Oct 8 13:13:19 notwise ftpd[3125]: USER anonymous Oct 8 13:13:19 notwise ftpd[3125]: PASS Jgpuserat_private Oct 8 13:13:19 notwise ftpd[3125]: ANONYMOUS FTP LOGIN FROM AAnnecy-101-1-4-58.abo.wanadoo.fr [193.251.17.58], Jgpuserat_private Oct 8 13:13:20 notwise ftpd[3125]: CWD /pub/ Oct 8 13:13:20 notwise ftpd[3125]: MKD 011008201323p Oct 8 13:13:20 notwise ftpd[3125]: CWD /public/ Oct 8 13:13:21 notwise ftpd[3125]: CWD /pub/incoming/ Oct 8 13:13:21 notwise ftpd[3125]: CWD /incoming/ Oct 8 13:13:22 notwise ftpd[3125]: CWD /_vti_pvt/ Oct 8 13:13:23 notwise ftpd[3125]: CWD / Oct 8 13:13:23 notwise ftpd[3125]: MKD 011008201326p Oct 8 13:13:24 notwise ftpd[3125]: CWD /upload/ Oct 8 13:13:24 notwise ftpd[3125]: FTP session closed -- Bob MCSE Microsoft Certified System Eliminator The best way to accelerate a windows box is at 9.8 meters per second square. All your tanks are belong to me. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 14:38:11 PDT