Same here. We've got snort watching two /16's, and there has been a substantial increase in both ftp vulnerability scans and searches for "open" ftp servers (ie, default IIS... anonymous w/ write permissions). On Wednesday 13 March 2002 02:59 pm, leon wrote: > Hi everyone, > > Just curious if there is something going on with ftp. Seem to be > getting scanned quite a bit for it (all different networks). Not > sure if the ips are static or dynamic. This is a machine running > zonelarm on it. Haven't seen this many probes in a short time since > the wu-ftpd vuln. > > The firewall has blocked Internet access to your computer (FTP) from > 24.190.34.140 (FTP) [TCP Flags: S]. > > Time: 3/13/2002 11:50:02 AM > > The firewall has blocked Internet access to your computer (FTP) from > 195.55.99.89 (TCP Port 3178) [TCP Flags: S]. > > Time: 3/13/2002 1:31:58 PM > > The firewall has blocked Internet access to your computer (FTP) from > 80.133.117.45 (TCP Port 3650) [TCP Flags: S]. > > Time: 3/13/2002 2:55:36 PM > > The firewall has blocked Internet access to your computer (FTP) from > 63.133.117.45 (TCP Port 2792) [TCP Flags: S]. > > Time: 3/13/2002 2:58:42 PM > > Regards, > > Leon > > > > --------------------------------------------------------------------- >------- This list is provided by the SecurityFocus ARIS analyzer > service. For more information on this free incident handling, > management and tracking system please see: > http://aris.securityfocus.com -- Nathan W. Labadie | ab0781at_private Sr. Security Specialist | 313/577.2126 Wayne State University | 313/577.1338 fax C&IT Information Security Office: http://security.wayne.edu ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Mar 13 2002 - 16:53:03 PST