Re: FTP scans from wanadoo.fr

From: Steve (steve.rielly@extranet.co.nz)
Date: Mon Dec 17 2001 - 15:40:24 PST

Next message: Gregg Sperling: "SSH Attempts: Link to RedHat?"

Previous message: loon: "Re: FTP scans from wanadoo.fr"
In reply to: russell: "Re: FTP scans from wanadoo.fr"
Next in thread: loon: "Re: FTP scans from wanadoo.fr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Russel,

This is an email I received from my  t-online complaints, the german section has a telepohnoe 
number as well as abuse@ email address. Haven't seen any scans from t-online since.

Deutsche Version / English Version follows below
Sehr geehrte Damen und Herren,

wir haben Ihre E-Mail erhalten und ausgewertet.
Beim Verursacher handelt es sich um einen T-Online-Kunden.
Daher haben wir Ihr Anliegen zur weiteren Bearbeitung an die

          T-Online International AG
mailto:abuse@t-online.de
          Tel.: 06151/680-0
                                abuse-Team
weitergeleitet.

Mit  freundlichen Gruessen

 Deutsche Telekom AG
    Security Team Ulm

________________________________________

- English Version -
Dear Sir or Madam

We received and analysed your e-mail.
The causer is a customer of  T-Online.
Therefore we sent your complaint to

T-Online International AG
mailto:abuse@t-online.de

       Kind regards
Deutsche Telekom AG
   security team Ulm?

Steve Rielly
Security Engineer
Extranet Technologies Limited
Level 3, 60 Cook St, Auckland, New Zealand
P.O. Box 7726, Wellesley Street, Auckland, New Zealand
Ph: +649 377 1122, Mob: 025 835530 Fax: +649 377 1109 

12/18/01 11:49:08 AM, russell <R.FULTON@auckland.ac.nz> wrote:

>On Tue, 2001-12-18 at 06:59, Aaron Wolfe wrote:
>> 
>> hello,
>> 
>> for some time (weeks if not months) several of our remote offices have been
>> logging connects attempts to port 21 from various ips that resolve to
>> (something).wanadoo.fr.  since we have firewalls on many different networks
>> from several providers all logging these attempts, i'm fairly sure this is a
>> script randomly scanning ips.  I even put up an FTP server on one box to see
>> what would happen if port 21 was open, it attempted to login as anonymous
>> but I didn't let it go any further.
>
>I've been wondering when someone would start complaining about wanadoo.
>I have been reporting two or three ftp scans a day for months!  Let's
>hope that they actually do something about it now.
>
>Not far behind wanadoo.fr is t-online.de (which I believe is a large
>German ISP). I am seeing about five ftp scans a week from t-online.de,
>all are reported to their abuse address.
>
>Does anyone have any contacts who might ba able to get some real action
>on this issue?
>
>Cheers, Russell
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management 
>and tracking system please see: http://aris.securityfocus.com
>
>
>




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Gregg Sperling: "SSH Attempts: Link to RedHat?"
Previous message: loon: "Re: FTP scans from wanadoo.fr"
In reply to: russell: "Re: FTP scans from wanadoo.fr"
Next in thread: loon: "Re: FTP scans from wanadoo.fr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 15:48:33 PST