On Tue, 31 Oct 2000, Mike A. Harris wrote:
> On Sun, 29 Oct 2000, Ian Eure wrote:
>
> >Date: Sun, 29 Oct 2000 15:58:56 -0800
> >From: Ian Eure <ieure_at_SICKFUCK.ORG>
> >To: INCIDENTS_at_SECURITYFOCUS.COM
> >Content-Type: TEXT/PLAIN; charset=US-ASCII
> >Subject: big increase in ftp scanning
> >
> >i've seen a ton of ftp scans in the last week.
> >
> >they have come from:
> >
> >62.226.217.222 (p3EE2D9DE.dip.t-dialin.net)
I didn't see any ftp scans from t-dialin.net, but I did see several
tries for http (1080 and 80) as well as tries for pop servers (110).
I don't normally see a lot of scans for ftp daemons. Usually they are
trying for http and pop servers or open mail relays.
However, checking my logs, I did see a big spike in probes for tcp port
23 between 8 and 20 Oct. These were mainly from two subnets, sonic.net
and adelphia.net. This activity seemed to tail off almost entirely
after 21 Oct.
Received on Nov 05 2000
Intro
