mailto: incidentsat_private, About one week ago i start to watch this strange 'directory scans'. I wonder does it can be only some script witch search something on ftp or some worm ( look at nine line of log). pb211.wieliczka.sdi.tpnet.pl UNKNOWN nobody [07/Jul/2002:00:52:17 +0200] "USER anonymous" 331 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "PASS Wgpuserat_private" 230 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /pub/" 550 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /public/" 550 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /pub/incoming/" 550 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /incoming/" 550 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /_vti_pvt/" 550 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /" 250 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "MKD 020707005736p" 550 - pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /upload/" 550 - -- [harston][Another Linux User #221813] ---------------------------------------------------------------------- Wiesz, co zdarzylo sie dzisiaj? >>> http://link.interia.pl/f1606 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 08:30:04 PDT