[35938] in North American Network Operators' Group
Re: FTP exploit?
daemon@ATHENA.MIT.EDU (Ben Beuchler)
Mon Mar 19 16:23:19 2001
Date: Mon, 19 Mar 2001 15:15:23 -0600
From: Ben Beuchler <insyte@emt-p.org>
To: Clayton Fiske <clay@bloomcounty.org>
Cc: nanog@merit.edu
Message-ID: <20010319151522.B14588@emt-p.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010319130139.A89061@bloomcounty.org>; from clay@bloomcounty.org on Mon, Mar 19, 2001 at 01:01:39PM -0800
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, Mar 19, 2001 at 01:01:39PM -0800, Clayton Fiske wrote:
> Is there a (fairly) recent exploit for common ftp daemons going around
> lately? In the past several days, I've seen a very noticeable jump in
> the number of people attempting anonymous ftp logins. Typically I
> noticed it once or twice a week, and usually single attempts, but now
> they're coming in every few hours and they each make 4 attempts within
> a second (which is one per IP bound to the box I'm watching). It looks
> like it has to be some kind of script.
>
> Anyone else seeing any noticeable increases like this?
My snort logs (on my home network) show at least one scan like that
every day, usually two or more.
Ben
--
Ben Beuchler There is no spoon.
insyte@emt-p.org -- The Matrix
