Hello, I keep seeing attempted connections to ftp by various boxes in the same subnets. Could this be some sort of scan for vulnerable ftp servers? Something like a CodeRed ftp worm? Thanks for any info in advance, Rich Tue Dec 11 11:08:04 FTP connection from 80.11.101.8 Tue Dec 11 12:38:26 FTP connection from 210.65.171.32 Tue Dec 11 14:06:27 FTP connection from 193.253.37.13 Tue Dec 11 15:04:45 FTP connection from 193.253.37.13 Tue Dec 11 18:16:47 FTP connection from 217.136.112.196 Wed Dec 12 04:14:53 FTP connection from 202.224.159.46 Wed Dec 12 11:41:52 FTP connection from 141.24.92.89 Wed Dec 12 12:15:11 FTP connection from 80.11.85.121 Wed Dec 12 13:38:03 FTP connection from 213.191.132.98 Wed Dec 12 14:08:30 FTP connection from 210.58.12.142 Wed Dec 12 14:41:33 FTP connection from 217.129.33.236 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Dec 13 2001 - 09:56:09 PST