[35936] in North American Network Operators' Group
FTP exploit?
daemon@ATHENA.MIT.EDU (Clayton Fiske)
Mon Mar 19 16:07:57 2001
Date: Mon, 19 Mar 2001 13:01:39 -0800
From: Clayton Fiske <clay@bloomcounty.org>
To: nanog@merit.edu
Message-ID: <20010319130139.A89061@bloomcounty.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: owner-nanog-outgoing@merit.edu
Is there a (fairly) recent exploit for common ftp daemons going around
lately? In the past several days, I've seen a very noticeable jump in
the number of people attempting anonymous ftp logins. Typically I
noticed it once or twice a week, and usually single attempts, but now
they're coming in every few hours and they each make 4 attempts within
a second (which is one per IP bound to the box I'm watching). It looks
like it has to be some kind of script.
Anyone else seeing any noticeable increases like this?
-c
