[35942] in North American Network Operators' Group
Re: FTP exploit?
daemon@ATHENA.MIT.EDU (Spencer.Wood@dot.state.oh.us)
Mon Mar 19 16:43:11 2001
To: Clayton Fiske <clay@bloomcounty.org>
Cc: nanog@merit.edu, owner-nanog@merit.edu
Message-ID: <OF342C35E2.9B7F7650-ON85256A14.00755CFB@dot.state.oh.us>
From: Spencer.Wood@dot.state.oh.us
Date: Mon, 19 Mar 2001 16:22:17 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_alternative 00749D8485256A14_="
Errors-To: owner-nanog-outgoing@merit.edu
This is a multipart message in MIME format.
--=_alternative 00749D8485256A14_=
Content-Type: text/plain; charset="us-ascii"
Yes, FTP based attacks are up....Check out
http://www.cert.org/current/current_activity.html#scans
****************************************************
Spencer Wood, Network Administrator
Ohio Department Of Transportation
1320 Arthur E. Adams Drive
Columbus, Ohio 43221
E-Mail: Spencer.Wood@dot.state.oh.us
Phone: 614.644.5422/Fax: 815.361.0714
****************************************************
Clayton Fiske <clay@bloomcounty.org>
Sent by: owner-nanog@merit.edu
03/19/2001 04:01 PM
To: nanog@merit.edu
cc:
Subject: FTP exploit?
Is there a (fairly) recent exploit for common ftp daemons going around
lately? In the past several days, I've seen a very noticeable jump in
the number of people attempting anonymous ftp logins. Typically I
noticed it once or twice a week, and usually single attempts, but now
they're coming in every few hours and they each make 4 attempts within
a second (which is one per IP bound to the box I'm watching). It looks
like it has to be some kind of script.
Anyone else seeing any noticeable increases like this?
-c
--=_alternative 00749D8485256A14_=
Content-Type: text/html; charset="us-ascii"
<br><font size=2 face="sans-serif">Yes, FTP based attacks are up....Check out http://www.cert.org/current/current_activity.html#scans<br>
</font><font size=2 face="Courier New">****************************************************<br>
Spencer Wood, Network Administrator<br>
Ohio Department Of Transportation<br>
1320 Arthur E. Adams Drive<br>
Columbus, Ohio 43221</font><font size=3 face="Times New Roman"> </font>
<p><font size=2 face="Courier New">E-Mail: </font><a href=mailto:Spencer.Wood@dot.state.oh.us><font size=2 color=blue face="Courier New"><u>Spencer.Wood@dot.state.oh.us</u></font></a><font size=2 face="Courier New"><br>
Phone: 614.644.5422/Fax: 815.361.0714</font><font size=3 face="Times New Roman"> </font><font size=2 face="Courier New"><br>
****************************************************</font><font size=3 face="Times New Roman"> </font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Clayton Fiske <clay@bloomcounty.org></b></font>
<br><font size=1 face="sans-serif">Sent by: owner-nanog@merit.edu</font>
<p><font size=1 face="sans-serif">03/19/2001 04:01 PM</font>
<br>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To: nanog@merit.edu</font>
<br><font size=1 face="sans-serif"> cc: </font>
<br><font size=1 face="sans-serif"> Subject: FTP exploit?</font></table>
<br>
<br>
<br><font size=2 face="Courier New"><br>
Is there a (fairly) recent exploit for common ftp daemons going around<br>
lately? In the past several days, I've seen a very noticeable jump in<br>
the number of people attempting anonymous ftp logins. Typically I<br>
noticed it once or twice a week, and usually single attempts, but now<br>
they're coming in every few hours and they each make 4 attempts within<br>
a second (which is one per IP bound to the box I'm watching). It looks<br>
like it has to be some kind of script.<br>
<br>
Anyone else seeing any noticeable increases like this?<br>
<br>
-c<br>
<br>
<br>
</font>
<br>
<br>
--=_alternative 00749D8485256A14_=--
