Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FTP scans from wanadoo.fr

From: russell <R.FULTON () auckland ac nz>
Date: 18 Dec 2001 11:49:08 +1300
On Tue, 2001-12-18 at 06:59, Aaron Wolfe wrote:


hello,

for some time (weeks if not months) several of our remote offices have been
logging connects attempts to port 21 from various ips that resolve to
(something).wanadoo.fr.  since we have firewalls on many different networks
from several providers all logging these attempts, i'm fairly sure this is a
script randomly scanning ips.  I even put up an FTP server on one box to see
what would happen if port 21 was open, it attempted to login as anonymous
but I didn't let it go any further.


I've been wondering when someone would start complaining about wanadoo.
I have been reporting two or three ftp scans a day for months!  Let's
hope that they actually do something about it now.

Not far behind wanadoo.fr is t-online.de (which I believe is a large
German ISP). I am seeing about five ftp scans a week from t-online.de,
all are reported to their abuse address.

Does anyone have any contacts who might ba able to get some real action
on this issue?

Cheers, Russell


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: