increase in ftp scanning

From: quentynat_private
Date: Mon Mar 04 2002 - 04:15:34 PST


    Has anyone else noticed a huge increase in ftp scanning over the last
    few weeks (esp. the last 2)?
    
    Normally I would expect to see 1 scan every few days, but in the last
    few weeks it has been several each night.
    
    For example (this is from a host with no externally offered services):
    
    
    Mar  2 15:14:46 TCP: ftp connection attempt from pD9E55ADF.dip.t-dialin.net (217.229.90.223):1583
    Mar  2 16:42:48 TCP: ftp connection attempt from 213.82.69.34:1309
    Mar  2 16:42:51 TCP: ftp connection attempt from 213.82.69.34:1309
    Mar  2 16:42:57 TCP: ftp connection attempt from 213.82.69.34:1309
    Mar  2 16:43:09 TCP: ftp connection attempt from 213.82.69.34:1309
    Mar  2 17:00:54 TCP: ftp connection attempt from D576EB25.kabel.telenet.be (213.118.235.37):1479
    Mar  2 20:40:42 TCP: ftp connection attempt from 203.43.206.34:21
    Mar  2 22:15:53 TCP: ftp connection attempt from www.partcenter.com (217.31.128.124):21
    
    
    Is this warez kiddies looking for open share or script kiddies looking
    for a vulnerable version of wuftp (or similar)?
    
    -- 
    #####################
    Quentyn Taylor
    Sysadmin - Fotango
    #####################
    `Naturally, a sysadmin's entire person is holy. We have the power to
    kill daemons.' 
       Mike Sphar
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
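
One way to turn log lines like those in the message above into per-day scan counts, as an added example that is not part of the original post. It assumes that repeated lines from the same source address and port within 60 seconds are retries of one connection attempt, takes the year 2002 from the message date, and uses hypothetical function names; it also lists sources that connected from source port 21.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines from the post above, with the mail client's line wraps rejoined.
SAMPLE = """\
Mar  2 15:14:46 TCP: ftp connection attempt from pD9E55ADF.dip.t-dialin.net (217.229.90.223):1583
Mar  2 16:42:48 TCP: ftp connection attempt from 213.82.69.34:1309
Mar  2 16:42:51 TCP: ftp connection attempt from 213.82.69.34:1309
Mar  2 16:42:57 TCP: ftp connection attempt from 213.82.69.34:1309
Mar  2 16:43:09 TCP: ftp connection attempt from 213.82.69.34:1309
Mar  2 17:00:54 TCP: ftp connection attempt from D576EB25.kabel.telenet.be (213.118.235.37):1479
Mar  2 20:40:42 TCP: ftp connection attempt from 203.43.206.34:21
Mar  2 22:15:53 TCP: ftp connection attempt from www.partcenter.com (217.31.128.124):21
"""

# Matches both source forms seen in the log: "host (ip):port" and bare "ip:port".
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) TCP: ftp connection attempt from "
    r"(?:(?P<host>\S+)\s+\((?P<ip1>[\d.]+)\)|(?P<ip2>[\d.]+)):(?P<port>\d+)$")

def parse(text, year=2002):  # syslog omits the year; 2002 is assumed from the message date
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip1"] or m["ip2"], int(m["port"])

def summarize(text, retry_window=timedelta(seconds=60)):
    """Collapse repeats from one ip:port inside retry_window into a single attempt."""
    last_seen, attempts = {}, defaultdict(list)
    for ts, ip, port in sorted(parse(text)):
        key = (ip, port)
        if key not in last_seen or ts - last_seen[key] > retry_window:
            attempts[ip].append((ts, port))
        last_seen[key] = ts  # slide the window so a long retry chain stays one attempt
    return attempts

def sources_per_day(attempts):
    """Number of distinct source addresses seen on each calendar day."""
    days = defaultdict(set)
    for ip, hits in attempts.items():
        for ts, _ in hits:
            days[ts.date().isoformat()].add(ip)
    return {day: len(ips) for day, ips in days.items()}

def from_port_21(attempts):
    """Sources whose attempt used TCP source port 21, which is unusual for a client."""
    return sorted(ip for ip, hits in attempts.items() if any(p == 21 for _, p in hits))
```

Comparing `sources_per_day` output across several weeks of logs gives the baseline the post describes informally (one scan every few days versus several each night).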
    


