nanog mailing list archives

Re: FTP exploit?

From: Spencer.Wood () dot state oh us
Date: Mon, 19 Mar 2001 16:22:17 -0500

Yes, FTP based attacks are up....Check out 
http://www.cert.org/current/current_activity.html#scans
****************************************************
Spencer Wood, Network Administrator
Ohio Department Of Transportation
1320 Arthur E. Adams Drive
Columbus, Ohio 43221 
E-Mail: Spencer.Wood () dot state oh us
Phone: 614.644.5422/Fax: 815.361.0714 
**************************************************** 




Clayton Fiske <clay () bloomcounty org>
Sent by: owner-nanog () merit edu
03/19/2001 04:01 PM

 
        To:     nanog () merit edu
        cc: 
        Subject:        FTP exploit?



Is there a (fairly) recent exploit for common ftp daemons going around
lately? In the past several days, I've seen a very noticeable jump in
the number of people attempting anonymous ftp logins. Typically I
noticed it once or twice a week, and usually single attempts, but now
they're coming in every few hours and they each make 4 attempts within
a second (which is one per IP bound to the box I'm watching). It looks
like it has to be some kind of script.

Anyone else seeing any noticeable increases like this?

-c

Current thread:

FTP exploit? Clayton Fiske (Mar 19)
- Re: FTP exploit? Ben Beuchler (Mar 19)
- Re: FTP exploit? Scott Francis (Mar 19)
  - Re: FTP exploit? ken harris. (Mar 19)
    - Re: FTP exploit? Daniel Roesen (Mar 20)
- <Possible follow-ups>
- Re: FTP exploit? Spencer . Wood (Mar 19)