Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Joris De Donder (jorissecurity-downloads.com)
Date: Wed May 30 2001 - 11:19:33 CDT
Wednesday, May 30, 2001, 2:18:03 PM, you wrote:
IJ> I found the same attempt was made on some of our systems. I first noticed a
IJ> in our firewall logs last Tuesday or Wednesday (5/22-5/23). After ftp
IJ> service was detected, a login attempt was made by anonymous with password
IJ> guesthere.com. We have no need for anonymous login and our servers are
IJ> patched up to the latest security patch, so I didn't worry, just made note.
IJ> I just assumed it was someone looking for anonymous ftp servers. However,
IJ> given your information below, I beginning to suspect that it may be
IJ> something more malicious. Perhaps it is just a program looking for anonymous
IJ> ftp, but why try and created an *.asp file? Anyone else have some input?
They are looking for anonymous ftp servers they can use to store their
warez. Basically they just scan a range with a tool like 'grimsping'
(http://grimsping.cjb.net), upload a 1kb or 1Mb file to check the
speed on your server and use 'space.asp' to see how much free space is
Joris De Donder