Security Incidents mailing list archives
Re: 2300 FTP accesses from Korea
From: Dug Song <dugsong () monkey org>
Date: Mon, 18 Jun 2001 20:51:49 -0400
On Sun, Jun 17, 2001 at 10:48:41PM -0700, Gregory McCann wrote:

> Our log files show that someone at two different Korean ip addresses tried to access our ftp server (ProFTPD 1.2.0) over 2,300 times on Saturday. What's the point? Attempted denial of service maybe?

check your logs to see if these were all attempted logins to a single account. might be a simple FTP brute forcer, like ADMftpforce.

also, keep in mind that Korea has over *4 million* ADSL subscribers - compare this to, say, Japan, with only about 40,000 subscribers, and you'll understand why it's sometimes extremely difficult to find the right person to follow up on an incident originating from there.

your best bet is probably to contact the CERTCC-KR, as noted here before:

http://www.certcc.or.kr/certcc/cert-2.htm

further background on what may be the most wired (and wireless) country on the planet, per capita:

http://www.brinjal.com/madan/korea.htm

-d.

---
http://www.monkey.org/~dugsong/
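An added example, not part of the original message: one way to run the log check suggested above, grouping failed FTP logins by source address and reporting whether each source hammered a single account or cycled through many. The log line shape, the helper `_line`, the thresholds and the sample data are assumptions constructed for illustration; adjust the pattern to the lines your server actually writes.

```python
import re
from collections import Counter, defaultdict

# Assumed failure-line shape, modelled on ProFTPD syslog messages; adjust the
# pattern to what your server version actually writes.
FAILED = re.compile(
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)\s*[-:]\s*"
    r"USER (?P<user>\S+?)(?: \(Login failed\):|: no such user)"
)

def _line(ip, msg):
    # Helper that builds one constructed log line (hypothetical host names).
    return f"Jun 16 03:10:01 ftp proftpd[411]: ftp.example.org ({ip}[{ip}]) - USER {msg}"

# Constructed sample data using documentation address ranges, not real logs.
SAMPLE = (
    [_line("192.0.2.10", "admin (Login failed): Incorrect password")] * 5
    + [_line("198.51.100.7", f"{u}: no such user found")
       for u in ("root", "test", "guest", "oracle")]
    + [_line("203.0.113.5", "carol: Login successful.")]
)

def summarize(lines, min_attempts=3, single_account_ratio=0.9):
    """Per source IP: failed attempts, accounts tried, and a pattern label."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = FAILED.search(line)
        if m:  # successful logins and unrelated lines are skipped
            per_ip[m.group("ip")][m.group("user")] += 1
    report = {}
    for ip, users in per_ip.items():
        total = sum(users.values())
        top_account, top_count = users.most_common(1)[0]
        if total < min_attempts:
            pattern = "low-volume"
        elif top_count / total >= single_account_ratio:
            pattern = "single-account"   # repeated guesses at one login
        else:
            pattern = "multi-account"    # many different user names tried
        report[ip] = {"attempts": total, "accounts": len(users),
                      "top_account": top_account, "pattern": pattern}
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE).items()):
        print(ip, row)
```

A "single-account" result for a source with thousands of attempts matches the brute-forcer pattern described in the reply, while "multi-account" points to user name guessing instead.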