Security Incidents mailing list archives

Re: CodeRed-like FTP worm?


From: H C <keydet89 () yahoo com>
Date: Thu, 13 Dec 2001 12:42:37 -0800 (PST)

Rich,

What about the connections led you to think that this
was some kind of worm?  W/o a more detailed
explanation, it would seem that the logs show nothing
more than SYN packets...which doesn't really tell you
much. 

To be honest, there's nothing in the logs you've
included to indicate any kind of worm activity, let
alone Code Red-like activity.  Can you elaborate on
what it was that led you to this conclusion?

Thanks.

--- "Ascent - Compton, Richard" <RCompton () ascent-corp com> wrote:

Hello,
I keep seeing attempted connections to ftp by various boxes in the same
subnets.  Could this be some sort of scan for vulnerable ftp servers?
Something like a CodeRed ftp worm?

Thanks for any info in advance,

Rich


Tue Dec 11 11:08:04    FTP connection from 80.11.101.8
Tue Dec 11 12:38:26    FTP connection from 210.65.171.32
Tue Dec 11 14:06:27    FTP connection from 193.253.37.13
Tue Dec 11 15:04:45    FTP connection from 193.253.37.13
Tue Dec 11 18:16:47    FTP connection from 217.136.112.196
Wed Dec 12 04:14:53    FTP connection from 202.224.159.46
Wed Dec 12 11:41:52    FTP connection from 141.24.92.89
Wed Dec 12 12:15:11    FTP connection from 80.11.85.121
Wed Dec 12 13:38:03    FTP connection from 213.191.132.98
Wed Dec 12 14:08:30    FTP connection from 210.58.12.142
Wed Dec 12 14:41:33    FTP connection from 217.129.33.236



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
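
An added example, not part of either message: a Python tally of the quoted log excerpt that shows what the entries can support (distinct sources, repeat sources, shared network prefixes, time span). The year 2001 is assumed from the mail's date, and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Log excerpt from the quoted message, one entry per line.
LOG = """\
Tue Dec 11 11:08:04    FTP connection from 80.11.101.8
Tue Dec 11 12:38:26    FTP connection from 210.65.171.32
Tue Dec 11 14:06:27    FTP connection from 193.253.37.13
Tue Dec 11 15:04:45    FTP connection from 193.253.37.13
Tue Dec 11 18:16:47    FTP connection from 217.136.112.196
Wed Dec 12 04:14:53    FTP connection from 202.224.159.46
Wed Dec 12 11:41:52    FTP connection from 141.24.92.89
Wed Dec 12 12:15:11    FTP connection from 80.11.85.121
Wed Dec 12 13:38:03    FTP connection from 213.191.132.98
Wed Dec 12 14:08:30    FTP connection from 210.58.12.142
Wed Dec 12 14:41:33    FTP connection from 217.129.33.236
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8})\s+FTP connection from (\S+)$")

def parse(log, year=2001):
    """Return [(timestamp, IPv4Address)]; the year is an assumption (mail date)."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a connection entry
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %a %b %d %H:%M:%S")
        events.append((ts, ipaddress.ip_address(m.group(2))))
    return events

def summarize(events, prefix=24):
    """Tally sources, repeats, prefixes shared by 2+ sources, and the time span."""
    sources = Counter(ip for _, ip in events)
    nets = Counter(ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in sources)
    span_h = (events[-1][0] - events[0][0]).total_seconds() / 3600
    return {
        "events": len(events),
        "distinct_sources": len(sources),
        "repeat_sources": sorted(str(ip) for ip, n in sources.items() if n > 1),
        "shared_networks": sorted(str(n) for n, c in nets.items() if c > 1),
        "span_hours": round(span_h, 1),
    }

if __name__ == "__main__":
    for prefix in (24, 16):
        print(prefix, summarize(parse(LOG), prefix))
```

The excerpt holds 11 connections from 10 sources over about 27.6 hours, with no two sources in the same /24 and only one /16 shared by two of them.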



