[fw-wiz] [OT?] Anybody Recognize These Uploads?

From: Jim Seymour (jseymour@LinxNet.com)
Date: 12/24/02


To: firewall-wizards@honor.icsalabs.com
From: jseymour@LinxNet.com (Jim Seymour)
Date: Tue Dec 24 08:49:01 2002

Hi All,

Maybe kind of off-topic, maybe not.

My FTP server at home allows sand-boxed FTP uploads [1]. Occasionally
I see things in there with all-numeric filenames. They seem to be some
kind of unidentified [2] data. They're all the same size. Here's
what's there currently:

$ ls -l [0-9]*
-rw-rw-r-- 1 ftp ftp 104154 Dec 20 18:21 389.204
-rw-rw-r-- 1 ftp ftp 104154 Dec 21 09:27 449.833
-rw-rw-r-- 1 ftp ftp 104154 Dec 24 08:15 57.605
-rw-rw-r-- 1 ftp ftp 104154 Nov 29 13:30 689.279
-rw-rw-r-- 1 ftp ftp 104154 Dec 23 12:31 881.787

With one exception, these all came from dip.t-dialin.net space. The
other came from gte.net space. All users anon logged in as
"ano@ano.com."

I long ago disallowed FTP access by wanadoo.fr users due to wide-spread
FTP abuse from that space and poor abuse handling by wanadoo.fr. I'm
wondering if this isn't the same kind of thing?

[1] FTP "incoming" directory is write-only. Users can't even get a
    directory listing and file over-writes are prohibited.
[2] Unidentified by "file mumble"

Thanks,
Jim

-- 
Jim Seymour                  | PGP Public Key available at:
jseymour@LinxNet.com         | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |


Relevant Pages

  • [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?
    ... constant source of anon FTP scans. ... The admins claim to care, ... >FTP abuse from that space and poor abuse handling by wanadoo.fr. ...
    (Firewall-Wizards)
  • RE: [fw-wiz] [OT?] Anybody Recognize These Uploads?
    ... Warez people are generating them to test for availability of open FTP sites. ... They randomly generate a file of a standard size, then test whether they can retrieve it so that they know the site can be used as a repository for stolen software. ... FTP abuse from that space and poor abuse handling by wanadoo.fr. ...
    (Firewall-Wizards)