Security Incidents mailing list archives

Re: big increase in ftp scanning

From: Eilon Gishri <eilon () ARISTO TAU AC IL>
Date: Mon, 30 Oct 2000 19:29:23 +0200

On Sun, Oct 29, 2000 at 03:58:56PM -0800, Ian Eure wrote:

i've seen a ton of ftp scans in the last week.

they have come from:

62.226.217.222 (p3EE2D9DE.dip.t-dialin.net)
64.209.232.25 (isengard.iad4.gctr.net)
62.20.37.140 (basecamp.gotland.se)
24.28.122.195 (cs28122-195.houston.rr.com)
24.162.74.203 (cs16274-203.austin.rr.com)

all this has been in the last week. i run wu-ftpd 2.6.0, with a backport
of the fix from 2.6.1. high risk, but there's no anonymous account, and no
untrusted users have access to ftp.

somewhat OT, can someone recommend a more secure ftpd? it seems like
almost all of the ftp daemons had (have?) bad security problems.


  There are no known security holes in the latest version of wu-ftpd
which is as you mentioned 2.6.1.

  As for these type of scans, looks like they are world wide and are
mainly targeted at Linux.

--
Eilon Gishri                                    eilon () aristo tau ac il
Security Consultant                             Mobile: +972-54-303595

Current thread:

Re: big increase in ftp scanning David Knaack (Nov 01)
- <Possible follow-ups>
- Re: big increase in ftp scanning Jose Nazario (Nov 01)
- Re: big increase in ftp scanning Eilon Gishri (Nov 01)
  - Re: big increase in ftp scanning Gregory A Lundberg (Nov 01)
    - Re: big increase in ftp scanning Russell Fulton (Nov 02)
- Re: big increase in ftp scanning Sean Michael Whipkey (Nov 01)
- Re: big increase in ftp scanning Greg Owen (Nov 01)
  - Re: big increase in ftp scanning Michael Bush (Nov 02)
  - Re: big increase in ftp scanning Christopher Malek (Nov 05)
- Re: big increase in ftp scanning Mike A. Harris (Nov 02)
  - Re: big increase in ftp scanning Thomas Molina (Nov 05)
  - Re: big increase in ftp scanning Daniel Roesen (Nov 08)
    - Re: big increase in ftp scanning Tuc (Nov 08)

(Thread continues...)