Snort mailing list archives

Interesting ftp traffic


From: "Michael Kopach" <kopam () augustana ab ca>
Date: Tue, 15 Oct 2002 12:15:51 -0600

Has anyone seen one of these before??


Oct 12 13:46:36 <server> proftpd[1582]: connect from pD9511D26.dip.t-dialin.net
Oct 12 13:46:37 <server> proftpd[1582]: <server> (pD9511D26.dip.t-dialin.net[217.81.29.38]) - FTP session opened.
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:38] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:40] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:41] "CWD temp" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:42] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:44] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:45] "CWD tmp" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:47] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:48] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:50] "CWD anonymous/_vti_pvt" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:51] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:53] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:54] "CWD anonymous/incoming" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:55] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:57] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:58] "CWD mailroot" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:46:59] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:01] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:02] "CWD ftproot" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:03] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:05] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:06] "CWD anonymous/pub" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:08] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:09] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:10] "CWD anonymous/public" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:12] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:13] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:14] "CWD _vti_cnf" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:16] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:17] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:21] "CWD anonymous/_vti_cnf" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:22] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:24] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:25] "CWD images" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:26] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:27] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:28] "CWD _private" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:29] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:30] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:32] "CWD cgi-bin" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:33] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:35] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:36] "CWD usr" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:37] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:39] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:40] "CWD usr/incoming" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:42] "MKD _pringles" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:43] "PWD " -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:44] "CWD home" -
pD9511D26.dip.t-dialin.net 217.81.29.38 [1582] nobody [13:47:46] "MKD _pringles" -
Oct 12 13:47:47 <server> proftpd[1582]: <server> (pD9511D26.dip.t-dialin.net[217.81.29.38]) - FTP session closed.

Fortunately I did not find any "_pringles" directory and no other
damage seemed to be done.

Thanks .... Mike
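
Added example, not part of the original post: detection logic in Python that flags an FTP session like the one logged above, where one client repeats MKD of the same name after changing into many different directories. The regex assumes the per-command layout visible in the post (host, IP, [pid], user, [time], quoted command) and tolerates records wrapped across lines; the threshold of 5, the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Per-command record as seen in the post once unwrapped:
#   host ip [pid] user [HH:MM:SS] "VERB arg" -
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \[(?P<pid>\d+)\] '
    r'(?P<user>\S+) \[(?P<time>[\d:]+)\] "(?P<verb>[A-Z]+) ?(?P<arg>[^"]*)"')

def unwrap(lines):
    """Rejoin records a mail client wrapped inside the quoted command."""
    buf = ""
    for raw in lines:
        buf = f"{buf} {raw.strip()}" if buf else raw.strip()
        if buf.count('"') % 2 == 0:   # quotes balanced: record complete
            yield buf
            buf = ""

def find_mkd_probes(lines, min_dirs=5):
    """Return {(ip, pid, name): [dirs]} for sessions that attempt MKD <name>
    from at least min_dirs distinct working directories (assumed threshold)."""
    cwd = {}                      # (ip, pid) -> last CWD argument attempted
    attempts = defaultdict(list)  # (ip, pid, name) -> directories tried, in order
    for line in unwrap(lines):
        m = LINE_RE.match(line)
        if not m:
            continue              # syslog lines, stray "-" continuations
        key = (m["ip"], m["pid"])
        verb, arg = m["verb"], m["arg"].strip()
        if verb == "CWD":
            cwd[key] = arg        # attempted target; success is not evaluated
        elif verb == "MKD":
            where = cwd.get(key, "<login dir>")
            if where not in attempts[key + (arg,)]:
                attempts[key + (arg,)].append(where)
    return {k: v for k, v in attempts.items() if len(v) >= min_dirs}

def sample_log():
    """Constructed sample in the post's layout (192.0.2.0/24 is documentation space)."""
    pre = 'c1.example 192.0.2.10 [4242] nobody [13:46:38] '
    out = [pre + '"MKD', '_probe" -']
    for d in ["temp", "tmp", "incoming", "pub", "images"]:
        out += [pre + '"PWD "', "-", pre + '"CWD', f'{d}" -', pre + '"MKD', '_probe" -']
    out += ['c2.example 192.0.2.20 [4300] alice [14:00:01] "CWD reports" -',
            'c2.example 192.0.2.20 [4300] alice [14:00:02] "MKD 2002-10" -']
    return out

if __name__ == "__main__":
    for (ip, pid, name), dirs in find_mkd_probes(sample_log()).items():
        print(f"{ip} pid={pid}: MKD {name!r} tried in {len(dirs)} dirs: {dirs}")
```
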




