Re: FTP back in Vogue?

From: Nathan W. Labadie (ab0781@wayne.edu)
Date: 03/13/02


From: "Nathan W. Labadie" <ab0781@wayne.edu>
To: "leon" <leon@inyc.com>, <incidents@securityfocus.com>
Date: Wed, 13 Mar 2002 15:44:13 -0500

Same here. We've got snort watching two /16's, and there has been a
substantial increase in both ftp vulnerability scans and searches for
"open" ftp servers (ie, default IIS... anonymous w/ write permissions).

On Wednesday 13 March 2002 02:59 pm, leon wrote:
> Hi everyone,
>
> Just curious if there is something going on with ftp. Seem to be
> getting scanned quite a bit for it (all different networks). Not
> sure if the ips are static or dynamic. This is a machine running
> zonelarm on it. Haven't seen this many probes in a short time since
> the wu-ftpd vuln.
>
> The firewall has blocked Internet access to your computer (FTP) from
> 24.190.34.140 (FTP) [TCP Flags: S].
>
> Time: 3/13/2002 11:50:02 AM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 195.55.99.89 (TCP Port 3178) [TCP Flags: S].
>
> Time: 3/13/2002 1:31:58 PM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 80.133.117.45 (TCP Port 3650) [TCP Flags: S].
>
> Time: 3/13/2002 2:55:36 PM
>
> The firewall has blocked Internet access to your computer (FTP) from
> 63.133.117.45 (TCP Port 2792) [TCP Flags: S].
>
> Time: 3/13/2002 2:58:42 PM
>
> Regards,
>
> Leon
>
>
>
> ---------------------------------------------------------------------
>------- This list is provided by the SecurityFocus ARIS analyzer
> service. For more information on this free incident handling,
> management and tracking system please see:
> http://aris.securityfocus.com

-- 
Nathan W. Labadie       | ab0781@wayne.edu	
Sr. Security Specialist | 313/577.2126
Wayne State University  | 313/577.1338 fax
C&IT Information Security Office: http://security.wayne.edu

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • [NEWS] Symantec Enterprise Firewall FTP Bounce Vulnerability (Patch Available)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Raptor Firewall FTP Bounce Vulnerability. ... PORT command referenced a destination that doesn't ...
    (Securiteam)
  • Re: Problem about Window Xp SP2 firewall and the buildin FTP command
    ... Problem about Window Xp SP2 firewall and the buildin FTP ... I find a problem that if running multiple FTP command at the same ... Windows XP SP2 to limit Max Connections/sec ...
    (microsoft.public.windowsxp.general)
  • Problem about Window XP SP2 firewall and the buildin FTP command
    ... Problem about Window Xp SP2 firewall and the buildin FTP ... I find a problem that if running multiple FTP command at the same ... Windows XP SP2 to limit Max Connections/sec ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Ftp connection - it worked
    ... I installed Comodo and it really allows me to connect to my ftp sites. ... strange behavior since the windows firewall allow my Limewire and MSN ... I would recommend that you install either ZoneAlarm ...
    (microsoft.public.windowsxp.general)
  • Re: Problems Using FTP
    ... I checked the Windows Firewall Properties Advanced tab and Exceptions ... tab.the FTP application I'm using is on the list of firewall Exceptions ... On Advanced tab, the only two services listed, 1394 connection and Local ...
    (microsoft.public.inetserver.iis.ftp)