RE: ftp directory scan

From: Carey, Steve T ISD (steve.careyat_private)
Date: Mon Jul 08 2002 - 08:33:46 PDT

Next message: Golden_Eternity: "RE: Seeing Chuncked content"

Previous message: Michael Katz: "Re: ftp directory scan"
Maybe in reply to: harston: "ftp directory scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It is an automated scan by a someone looking for anonymous FTP servers with
read/write privileges enabled.  If they find one they will use it as a warez
site until found by the SA.
Steve Carey

-----Original Message-----
From: harston [mailto:harstonat_private]
Sent: Monday, July 08, 2002 8:18 AM
To: incidentsat_private
Subject: ftp directory scan


mailto: incidentsat_private,

About one week ago i start to watch this strange 'directory scans'.
I wonder does it can be only some script witch search something on
ftp or some worm ( look at nine line of log).

pb211.wieliczka.sdi.tpnet.pl UNKNOWN nobody [07/Jul/2002:00:52:17 +0200] "USER
anonymous" 331 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "PASS
Wgpuserat_private" 230 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
/pub/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
/public/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
/pub/incoming/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
/incoming/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
/_vti_pvt/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /"
250 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "MKD
020707005736p" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
/upload/" 550 -  

--
[harston][Another Linux User #221813]


----------------------------------------------------------------------
Wiesz, co zdarzylo sie dzisiaj? >>> http://link.interia.pl/f1606



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Golden_Eternity: "RE: Seeing Chuncked content"
Previous message: Michael Katz: "Re: ftp directory scan"
Maybe in reply to: harston: "ftp directory scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 09:41:49 PDT