On Tue, 2001-12-18 at 06:59, Aaron Wolfe wrote: > > hello, > > for some time (weeks if not months) several of our remote offices have been > logging connects attempts to port 21 from various ips that resolve to > (something).wanadoo.fr. since we have firewalls on many different networks > from several providers all logging these attempts, i'm fairly sure this is a > script randomly scanning ips. I even put up an FTP server on one box to see > what would happen if port 21 was open, it attempted to login as anonymous > but I didn't let it go any further. I've been wondering when someone would start complaining about wanadoo. I have been reporting two or three ftp scans a day for months! Let's hope that they actually do something about it now. Not far behind wanadoo.fr is t-online.de (which I believe is a large German ISP). I am seeing about five ftp scans a week from t-online.de, all are reported to their abuse address. Does anyone have any contacts who might ba able to get some real action on this issue? Cheers, Russell ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 15:35:57 PST