ftp directory scan

From: harston (harstonat_private)
Date: Mon Jul 08 2002 - 06:17:58 PDT


    mailto: incidentsat_private,
    
    About one week ago I started to see these strange 'directory scans'.
    I wonder whether it is only some script which searches for something on
    FTP, or some worm (look at the ninth line of the log).
    
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN nobody [07/Jul/2002:00:52:17 +0200] "USER anonymous" 331 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "PASS Wgpuserat_private" 230 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /pub/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /public/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /pub/incoming/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /incoming/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /_vti_pvt/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /" 250 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "MKD 020707005736p" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /upload/" 550 -  
    
    --
    [harston][Another Linux User #221813]
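
One way to flag this pattern automatically, as an added example that is not part of the original post: the script parses log lines in the format shown above and reports hosts that combine several failed `CWD` attempts (reply 550) with a write attempt such as the `MKD` in the log. The hostnames, the threshold of two failed `CWD`s and the list of write commands are assumptions chosen for illustration; the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the log lines in the post
# (host, ident, user, [timestamp], "command", reply code, bytes).
SAMPLE_LOG = """\
scanner.example.net UNKNOWN nobody [07/Jul/2002:00:52:17 +0200] "USER anonymous" 331 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "PASS probe@example.net" 230 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /pub/" 550 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD /incoming/" 550 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /" 250 -
scanner.example.net UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "MKD 020707005736p" 550 -
mirror.example.org UNKNOWN ftp [07/Jul/2002:01:10:02 +0200] "CWD /pub/" 250 -
mirror.example.org UNKNOWN ftp [07/Jul/2002:01:10:05 +0200] "RETR README" 226 1024
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<cmd>[A-Z]+)(?: (?P<arg>[^"]*))?" (?P<code>\d{3}) \S+\s*$'
)

# Commands that try to create something on the server (assumed list).
WRITE_CMDS = ("MKD", "STOR", "STOU", "APPE")

def find_directory_probes(log_text, min_failed_cwd=2):
    """Return {host: summary} for hosts with repeated failed CWDs plus a write attempt."""
    stats = defaultdict(lambda: {"failed_cwd": [], "write_attempts": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        cmd, arg, code = m["cmd"], m["arg"] or "", m["code"]
        entry = stats[m["host"]]
        if cmd == "CWD" and code == "550":
            entry["failed_cwd"].append(arg)       # directory guess that missed
        elif cmd in WRITE_CMDS:
            entry["write_attempts"].append((cmd, arg, code))
    return {
        host: s for host, s in stats.items()
        if len(s["failed_cwd"]) >= min_failed_cwd and s["write_attempts"]
    }

if __name__ == "__main__":
    for host, s in find_directory_probes(SAMPLE_LOG).items():
        print(host, "failed CWD:", s["failed_cwd"], "writes:", s["write_attempts"])
```

A write attempt that returns a success code (for example 257 for `MKD`) in such a report means the anonymous account has a writable directory and deserves immediate attention.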
    
    
    



    This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 08:30:04 PDT