Security Incidents mailing list archives
wu-ftpd attack ???
From: "Aaron D. Lewis" <aaron () jsw4 net>
Date: Mon, 25 Nov 2002 12:06:10 -0500
I'm experiencing a situation where wu-ftpd wu-ftpd-2.6.1-20 on Red Hat 7.2 2.4.18-18.7.x is getting broken by some specific type of scan (I think). When this happens, wu-ftpd just stops responding to connection requests but port 21 is still listening according to netstat -anl. I restart xinetd and all is well. Now, what I have managed to catch in the logs, just before the server stops, are several connections (or a scan) from a specific IP address to multiple virt hosts on my server. There is NO annon ftp and there are NO shell accounts. If someone is interested in the tcp dump for the FTP traffic during this, let me know. Other than that there is nothing suspicious in the logs. Can someone tell me what might be going on please... Aaron Lewis JSW4.NET aaron () jsw4 net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: wu-ftpd attack ??? Aaron Lewis (Nov 26)
- RE: wu-ftpd attack ??? Aaron Lewis (Nov 26)
- <Possible follow-ups>
- wu-ftpd attack ??? Aaron D. Lewis (Nov 27)
- Re: wu-ftpd attack ??? Rodrigo Barbosa (Nov 26)
- Re: wu-ftpd attack ??? David (Nov 27)
- Re: wu-ftpd attack ??? Rodrigo Barbosa (Nov 26)