Re: FTP scans from wanadoo.fr

From: Alexandre Pinto (alexcp@ciphertech.com.br)
Date: 12/18/01


From: "Alexandre Pinto" <alexcp@ciphertech.com.br>
To: <incidents@securityfocus.com>, "dr john halewood" <john@frumious.unidec.co.uk>
Date: Tue, 18 Dec 2001 16:36:43 -0200


> the anonymous login password: frequently [A-Z]gpuser@home.com
> an attempt to cd to some directories: /ftproot, /wwwroot, /_vti_bin,
> /_vti_cnf, /cgi-bin, amongst others: the pattern varies, but all requests
> take place within a second, so it's definitely scripted. This is followed by
> an attempt to create a number of directories with a name such as
> 011203022432p, where the first 6 digits are YYMMDD.
>
> Anyone recognise the tool?

That must be Grim's Ping (http://grimsping.cjb.net/).
There was a discussion about attacks generated by this tool recently on other
SecurityFocus lists (not sure if it was Vuln-Dev or Pen-Test).

Cheers,
Alexcp

--
Alexandre Correia Pinto
Product Development
Cipher Technology
http://www.ciphertech.com.br
_____
"IT Security - a Cipher Technology specialty"

----- Original Message -----
From: "dr john halewood" <john@frumious.unidec.co.uk>
To: <aaron@aaronwolfe.com>; <incidents@securityfocus.com>
Sent: Tuesday, December 18, 2001 8:49 AM
Subject: Re: FTP scans from wanadoo.fr

> There's a distinct pattern to these scans from wanadoo. Looking through some
> logs (I allow anonymous login but with read-only access on one box). I've
> noticed the following:
>
> Cheers
> john
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
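The scan pattern described in the quoted report (password shape, directory probes inside one second, date-stamped directory creation), written as a check over FTP server logs. This is an added example, not part of the original thread and not code from the tool named above; the log line format, the client addresses, the three-CWD burst threshold and the 12-digit shape of the directory name are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Indicators are from the quoted report; log format and burst threshold are assumptions.
PASS_RE = re.compile(r"^[A-Z]gpuser@home\.com$")
MKD_RE = re.compile(r"^/?(\d{6})\d{6}p$")  # shaped like 011203022432p
PROBE_DIRS = {"/ftproot", "/wwwroot", "/_vti_bin", "/_vti_cnf", "/cgi-bin"}

# Constructed sample, one event per line: "<ISO time> <client> <command> <argument>"
SAMPLE_LOG = """\
2001-12-18T08:41:07 192.0.2.10 PASS Qgpuser@home.com
2001-12-18T08:41:08 192.0.2.10 CWD /ftproot
2001-12-18T08:41:08 192.0.2.10 CWD /_vti_bin
2001-12-18T08:41:08 192.0.2.10 CWD /cgi-bin
2001-12-18T08:41:08 192.0.2.10 MKD 011218084108p
2001-12-18T09:02:30 198.51.100.7 CWD /cgi-bin
2001-12-18T09:03:02 198.51.100.7 MKD 019945000000p
"""

def valid_yymmdd(digits):
    """True if the six digits form a real calendar date (20YY assumed)."""
    try:
        datetime(2000 + int(digits[:2]), int(digits[2:4]), int(digits[4:6]))
        return True
    except ValueError:
        return False

def score_clients(log_text):
    """Return {client: sorted indicator names} for clients matching the pattern."""
    hits, probes = defaultdict(set), defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue
        ts, client, cmd, arg = parts
        if cmd == "PASS" and PASS_RE.match(arg):
            hits[client].add("password")
        elif cmd == "CWD" and arg.rstrip("/").lower() in PROBE_DIRS:
            probes[client].append(datetime.fromisoformat(ts))
        elif cmd == "MKD":
            m = MKD_RE.match(arg)
            if m and valid_yymmdd(m.group(1)):
                hits[client].add("mkd-datestamp")
    for client, times in probes.items():
        times.sort()
        # Scripted burst: three probe-directory CWDs inside one second.
        if any((b - a).total_seconds() <= 1 for a, b in zip(times, times[2:])):
            hits[client].add("cwd-burst")
    return {client: sorted(found) for client, found in hits.items()}
```

The second client in the sample makes a single probe-directory CWD and creates a directory whose leading digits are not a valid date, so it is not reported.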
