Security Incidents mailing list archives

FTP scans


From: ejovi () EJOVI NET (Ejovi Nuwere)
Date: Thu, 29 Jun 2000 16:22:10 -0400


Attached are two scans in syslog format.

The first scan (scan1) I can't figure out, possible scanning for the
format string bug as posted on bugtraq? The second connection would
be the attacker trying to manually probe the machine in question. Any
ideas?

The next scan (scan2) would be an automated script looking for a writable
directory. Notice the 'test345' directory it attempts to make. I don't know
if the script removes the directory after a successful creation, but the
presence of it would be a sure sign of a probe.

Ejovi.

MD5 (scan1) = 5264f28338169651e592860fdb4ea532
MD5 (scan2) = 028af9b577c7037d91f56acf595e253a

TEXT/PLAIN attachment: can1_

TEXT/PLAIN attachment: can2_
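
A log check for the scan2 pattern described in the message, added here as an example; it is not part of the original post or its attachments. It groups FTP commands by ftpd PID, flags sessions that try to create 'test345' (or try MKD in more than one place), and lists the paths where no matching RMD followed, which are the ones to look for on disk. The "ftpd[PID]: command: VERB arg" log layout, the sample lines and the function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines. The "ftpd[PID]: command: VERB arg" layout is an
# assumption, not the format of the scans attached to the original post.
SAMPLE_LOG = """\
Jun 29 15:01:10 ftp1 ftpd[4101]: ANONYMOUS FTP LOGIN FROM 192.0.2.10, guest@
Jun 29 15:01:11 ftp1 ftpd[4101]: command: CWD /pub
Jun 29 15:01:11 ftp1 ftpd[4101]: command: MKD test345
Jun 29 15:01:12 ftp1 ftpd[4101]: command: CWD /incoming
Jun 29 15:01:12 ftp1 ftpd[4101]: command: MKD test345
Jun 29 15:01:13 ftp1 ftpd[4101]: command: RMD test345
Jun 29 15:07:40 ftp1 ftpd[4188]: ANONYMOUS FTP LOGIN FROM 198.51.100.7, guest@
Jun 29 15:07:42 ftp1 ftpd[4188]: command: CWD /incoming
Jun 29 15:07:43 ftp1 ftpd[4188]: command: MKD test345
Jun 29 15:09:02 ftp1 ftpd[4190]: command: CWD /pub
Jun 29 15:09:03 ftp1 ftpd[4190]: command: RETR README
"""

LOGIN = re.compile(r"ftpd\[(\d+)\]: ANONYMOUS FTP LOGIN FROM ([^,\s]+)")
CMD = re.compile(r"ftpd\[(\d+)\]: command: (CWD|MKD|RMD) (\S+)")

def find_mkd_probes(log_text, marker="test345"):
    """Return {pid: summary} for sessions whose MKD use looks like a probe."""
    cwd, source, sessions = defaultdict(lambda: "/"), {}, {}
    for line in log_text.splitlines():
        m = LOGIN.search(line)
        if m:
            source[m.group(1)] = m.group(2)
            continue
        m = CMD.search(line)
        if not m:
            continue
        pid, verb, arg = m.groups()
        if verb == "CWD":
            cwd[pid] = arg  # simplification: CWD arguments treated as absolute
            continue
        path = cwd[pid].rstrip("/") + "/" + arg
        s = sessions.setdefault(pid, {"source": source.get(pid, "unknown"),
                                      "tried": [], "not_removed": []})
        if verb == "MKD":
            s["tried"].append(path)
            s["not_removed"].append(path)
        elif path in s["not_removed"]:  # RMD of a directory this session tried
            s["not_removed"].remove(path)
    # Probe heuristic: the marker name, or MKD attempted in several places.
    return {pid: s for pid, s in sessions.items()
            if len(s["tried"]) > 1
            or any(p.endswith("/" + marker) for p in s["tried"])}
```

A path in "not_removed" only means no RMD was logged for it; the MKD itself may have failed, so confirm against the filesystem.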