Security Incidents mailing list archives
Re: scanning from WANADOO-CABLE-BD
From: "Pieter-Bas IJdens" <pieter-bas () ijdens com>
Date: Tue, 4 Jun 2002 10:33:23 +0200
This is done by an automated scanning tool called grim's ping. Take a look at http://grimsping.cjb.net/ to learn more about it. The software is used not to find vulnerable ftp servers, but to find misconfigured ftp servers that can be used to trade warez on. I think many people are being scanned by this tool. Most scans I get that follow this pattern either come from wanadoo.fr or t-dialin.net/t-online.de. These imo are the two european ISPs that have a large number of cable/dsl users, but are least likely to act on complaints. Pieter-Bas
My ftp server has been getting probed to see if it accepts anonymous
uploads
from ftp@.*wanadoo.fr. Specifically: 217.128.209.122 80.13.216.42 80.13.237.189 217.128.235.25 It appears to be a script checking: /images/:
...
/usr/incoming/:
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- scanning from WANADOO-CABLE-BD Hugo van der Kooij (Jun 02)
- Re: scanning from WANADOO-CABLE-BD Jon Nelson (Jun 03)
- Re: scanning from WANADOO-CABLE-BD Pieter-Bas IJdens (Jun 04)
- Re: scanning from WANADOO-CABLE-BD Abhi (Jun 04)
- <Possible follow-ups>
- RE: scanning from WANADOO-CABLE-BD Jonkman, Matthew A. (Jun 03)
- RE: scanning from WANADOO-CABLE-BD NESTING, DAVID M (SBCSI) (Jun 03)
- Re: scanning from WANADOO-CABLE-BD Jon Nelson (Jun 03)