OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Carey, Steve T ISD (steve.careyredstone.army.mil)
Date: Mon Jul 08 2002 - 10:33:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    It is an automated scan by a someone looking for anonymous FTP servers with
    read/write privileges enabled. If they find one they will use it as a warez
    site until found by the SA.
    Steve Carey

    -----Original Message-----
    From: harston [mailto:harstonpoczta.fm]
    Sent: Monday, July 08, 2002 8:18 AM
    To: incidentssecurityfocus.com
    Subject: ftp directory scan

    mailto: incidentssecurityfocus.com,

    About one week ago i start to watch this strange 'directory scans'.
    I wonder does it can be only some script witch search something on
    ftp or some worm ( look at nine line of log).

    pb211.wieliczka.sdi.tpnet.pl UNKNOWN nobody [07/Jul/2002:00:52:17 +0200] "USER
    anonymous" 331 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "PASS
    Wgpuserhome.com" 230 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
    /pub/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
    /public/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
    /pub/incoming/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
    /incoming/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
    /_vti_pvt/" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /"
    250 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "MKD
    020707005736p" 550 -
    pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
    /upload/" 550 - 

    --
[harston][Another Linux User #221813]

    ----------------------------------------------------------------------
Wiesz, co zdarzylo sie dzisiaj? >>> http://link.interia.pl/f1606

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com