Security Incidents mailing list archives
Re: ProFTPD Scan?
From: Mike Stilson <mstilson () HOME COM>
Date: Wed, 14 Mar 2001 15:11:08 -0500
On Mon, Mar 12, 2001 at 12:28:42PM -0500, Kurth Bemis wrote:
I found these in todays logs - notice the times "15:32:13" thats four hits at the same time. and then two at a different time. Looks like a DoS attempt to (although i've been known to have been wrong). In today's logs. Mar 12 15:30:28 trinity proftpd[19132]: trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login failed): Can't find user.
<snip> Another log from abo.wanadoo.fr. He didn't do any damage, but managed to check my ftp directory while I was changing some things over. AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN nobody [13/Mar/2001:16:16:34 -0500] "USER anonymous" 331 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:34 -0500] "PASS guest () here com" 230 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:35 -0500] "CWD /pub/" 550 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:35 -0500] "CWD /public/" 550 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:35 -0500] "CWD /pub/incoming/" 550 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:35 -0500] "CWD /incoming/" 250 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:36 -0500] "MKD 010313221133p" 257 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:36 -0500] "RMD 010313221133p" 250 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:36 -0500] "SYST " 215 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:36 -0500] "REST 1" 350 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:36 -0500] "PASV " 227 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:37 -0500] "PORT 216,25,117,6,1,21" 500 - AStrasbourg-201-1-4-7.abo.wanadoo.fr UNKNOWN ftp [13/Mar/2001:16:16:37 -0500] "CWD ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp" 550 - Mail sent, but I've never had any response from them before so I don't expect one this time either.
Current thread:
- ProFTPD Scan? Kurth Bemis (Mar 12)
- Re: ProFTPD Scan? Janek Shein (Mar 12)
- Re: ProFTPD Scan? X (Mar 12)
- Re: ProFTPD Scan? Jose Nazario (Mar 12)
- Re: ProFTPD Scan? Steven J. Hill (Mar 13)
- Re: ProFTPD Scan? Kurth Bemis (Mar 14)
- Re: ProFTPD Scan? Rik van Riel (Mar 20)
- Re: ProFTPD Scan? Mike Stilson (Mar 14)
- <Possible follow-ups>
- Re: ProFTPD Scan? Guillaume.COURTOIS (Mar 15)