|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: ftp scan (was Re: web related oddity)
From: Matthew S. Hallacy (poptix
HYDROGEN.POPTIX.NET)Date: Wed Mar 08 2000 - 13:19:29 CST
- Next message: Dragos Ruiu: "Re: Weird UDP packets"
- Previous message: Donald McLachlan: "Re: web related oddity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
(Oops, i accidently pasted that subject in the original message)
Now that I'm here at work I've talked to our helpdesk and we did have a
customer report that he also was scanned lastnight on his dedicated
connection (different /24) quite odd.
On Wed, 8 Mar 2000, Bill Pennington wrote:
> Some scan a few boxes in my address space for FTP servers yesterday as
> well.
>
> Snort log:
>
> Mar 7 16:01:19 homeIP:4874 -> 1.2.3.232:21 SYN **S*****
> Mar 7 16:01:25 homeIP:4870 -> 1.2.3.228:21 SYN **S*****
> Mar 7 16:01:25 homeIP:4871 -> 1.2.3.229:21 SYN **S*****
> Mar 7 16:01:25 homeIP:4874 -> 1.2.3.232:21 SYN **S*****
> Mar 7 16:01:25 homeIP:4868 -> 1.2.3.226:21 SYN **S*****
> Mar 7 16:01:25 homeIP:4872 -> 1.2.3.230:21 SYN **S*****
> Mar 7 16:01:25 homeIP:4869 -> 1.2.3.227:21 SYN **S*****
>
> Sinc I don't run any ftp services I assume he/she moved on. I have no
> further activity from this IP address.
>
- Next message: Dragos Ruiu: "Re: Weird UDP packets"
- Previous message: Donald McLachlan: "Re: web related oddity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]