OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] strange ftp-scan
From: Kurt Seifried (listuserseifried.org)
Date: Sat Oct 07 2000 - 17:28:41 CDT

>> However, thank you all, for the hints to better ftp-daemons!
>>
>> But there is still the same question: what could be the sense in doing a
>> ftp-connection very 5 minutes and also ICMP echo requests (pings).
>> There is no more process listening on port 21 (no more ftp in inetd.conf)
>> but there are still the same attempts:
>>
>
>Hmmm, if you don't suppress version information on your ftp server, some
>script kiddie may have seen that you are using a vulnerable ftp server,
>and may now be trying to break in with different exploit scipts.
>There isn't much I can tell you about the pings. He may just be probing to
>see if your server is up, since his connects to your ftp server are
>suddenly failing. But it could be something else altogether.

That is so utterly stupid. Most script kiddie attacks I have seen don't even
bother to be subtle at all, they just use the shotgun approach, taking an
exploit and pointing it at machines until they get in. Hiding version info
is pretty damn useless.

>Stefan

Kurt Seifried - seifriedsecurityportal.com
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com