[fw-wiz] Re: [OT?] Anybody Recognize These Uploads?
From: Eric N. Valor (ericv@cruzio.com)
Date: 12/25/02
- Next message: Henning Brauer: "Re: [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?"
- Previous message: Bill Royds: "RE: [fw-wiz] [OT?] Anybody Recognize These Uploads?"
- Next in thread: Henning Brauer: "Re: [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?"
- Reply: Henning Brauer: "Re: [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?"
- Maybe reply: Noonan, Wesley: "RE: [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com, jseymour@LinxNet.com From: "Eric N. Valor" <ericv@cruzio.com> Date: Wed Dec 25 09:42:01 2002
Well, I can't say what the data might be. But dip.t-dialin.net is a
constant source of anon FTP scans. The admins claim to care, but
don't. Just delete the data and filter that netblock.
At 12:00 PM 12/24/2002 -0500, you wrote:
>Hi All,
>
>Maybe kind of off-topic, maybe not.
>
>My FTP server at home allows sand-boxed FTP uploads [1]. Occasionally
>I see things in there with all-numeric filenames. They seem to be some
>kind of unidentified [2] data. They're all the same size. Here's
>what's there currently:
>
>$ ls -l [0-9]*
>-rw-rw-r-- 1 ftp ftp 104154 Dec 20 18:21 389.204
>-rw-rw-r-- 1 ftp ftp 104154 Dec 21 09:27 449.833
>-rw-rw-r-- 1 ftp ftp 104154 Dec 24 08:15 57.605
>-rw-rw-r-- 1 ftp ftp 104154 Nov 29 13:30 689.279
>-rw-rw-r-- 1 ftp ftp 104154 Dec 23 12:31 881.787
>
>With one exception, these all came from dip.t-dialin.net space. The
>other came from gte.net space. All users anon logged in as
>"ano@ano.com."
>
>I long ago disallowed FTP access by wanadoo.fr users due to wide-spread
>FTP abuse from that space and poor abuse handling by wanadoo.fr. I'm
>wondering if this isn't the same kind of thing?
>
>[1] FTP "incoming" directory is write-only. Users can't even get a
> directory listing and file over-writes are prohibited.
>[2] Unidentified by "file mumble"
>
>Thanks,
>Jim
>--
>Jim Seymour | PGP Public Key available at:
>jseymour@LinxNet.com | http://www.uk.pgp.net/pgpnet/pks-commands.html
>http://jimsun.LinxNet.com |
-- Eric N. Valor ericv@cruzio.com PGP Key 2048/1024 227B04CB Key Fingerprint = 766C CA15 0FFF E54B 2FEE C7D7 0F87 3AFB 227B 04CB : This Space Intentionally Left Blank :
- Next message: Henning Brauer: "Re: [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?"
- Previous message: Bill Royds: "RE: [fw-wiz] [OT?] Anybody Recognize These Uploads?"
- Next in thread: Henning Brauer: "Re: [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?"
- Reply: Henning Brauer: "Re: [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?"
- Maybe reply: Noonan, Wesley: "RE: [fw-wiz] Re: [OT?] Anybody Recognize These Uploads?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
