Re: FTP back in Vogue?

From: Nathan W. Labadie (ab0781@wayne.edu)
Date: 03/13/02


From: "Nathan W. Labadie" <ab0781@wayne.edu>
To: "leon" <leon@inyc.com>, <incidents@securityfocus.com>
Date: Wed, 13 Mar 2002 15:44:13 -0500

Same here. We've got snort watching two /16's, and there has been a
substantial increase in both ftp vulnerability scans and searches for
"open" ftp servers (ie, default IIS... anonymous w/ write permissions).

On Wednesday 13 March 2002 02:59 pm, leon wrote:
> Hi everyone,
>
> Just curious if there is something going on with ftp. Seem to be
> getting scanned quite a bit for it (all different networks). Not
> sure if the ips are static or dynamic. This is a machine running
> zonelarm on it. Haven't seen this many probes in a short time since
> the wu-ftpd vuln.
>
> The firewall has blocked Internet access to your computer (FTP) from
> 24.190.34.140 (FTP) [TCP Flags: S].
>
> Time: 3/13/2002 11:50:02 AM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 195.55.99.89 (TCP Port 3178) [TCP Flags: S].
>
> Time: 3/13/2002 1:31:58 PM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 80.133.117.45 (TCP Port 3650) [TCP Flags: S].
>
> Time: 3/13/2002 2:55:36 PM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 63.133.117.45 (TCP Port 2792) [TCP Flags: S].
>
> Time: 3/13/2002 2:58:42 PM
>
> Regards,
>
> Leon
>
>
>
> ---------------------------------------------------------------------
>------- This list is provided by the SecurityFocus ARIS analyzer
> service. For more information on this free incident handling,
> management and tracking system please see:
> http://aris.securityfocus.com

-- 
Nathan W. Labadie       | ab0781@wayne.edu	
Sr. Security Specialist | 313/577.2126
Wayne State University  | 313/577.1338 fax
C&IT Information Security Office: http://security.wayne.edu

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com