OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
From: Elias Levy (aleph1SECURITYFOCUS.COM)
Date: Thu Jul 06 2000 - 12:25:33 CDT

Message-Id: <200007052318.QAA07076draco.acs.uci.edu>
To: Gregory A Lundberg <lundbergwu-ftpd.org>
Cc: BUGTRAQsecurityfocus.com
Subject: Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)
Date: Wed, 05 Jul 2000 16:18:18 -0700
From: Mike Iglesias <iglesiasdraco.acs.uci.edu>

> - I, personally, have seen NO scanning for FTP services on my networks.
> While this is admitedly anecdotal evidence, the last exploit against
> WU-FTPD, which _did_ work and _was_ in widespread use, was acompanied by
> a marked increase in such scans on the networks I manage. I have talked
> with several other network operators and most report no increase in
> scanning; one did report he is seeing some FTP probes on his campus.
> The probes and scans I am seeing are consistent with the most-recent
> CERT Current Activity report (
> http://www.cert.org/current/current_activity.html ).

We have seen an increase in ftp port scanning after the first notice of
the bug was reported. We get scans almost every day, but it has increased
to more than one a day in the last week or so.

Mike Iglesias Internet: iglesiasdraco.acs.uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2069