Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: RE: ftp directory scan

RE: ftp directory scan

From: Carey, Steve T ISD <steve.carey_at_redstone.army.mil>
Date: Mon, 8 Jul 2002 10:33:46 -0500

It is an automated scan by a someone looking for anonymous FTP servers with
read/write privileges enabled. If they find one they will use it as a warez
site until found by the SA.
Steve Carey

-----Original Message-----
From: harston [mailto:harston_at_poczta.fm]
Sent: Monday, July 08, 2002 8:18 AM
To: incidents_at_securityfocus.com
Subject: ftp directory scan

mailto: incidents_at_securityfocus.com,

About one week ago i start to watch this strange 'directory scans'.
I wonder does it can be only some script witch search something on
ftp or some worm ( look at nine line of log).

pb211.wieliczka.sdi.tpnet.pl UNKNOWN nobody [07/Jul/2002:00:52:17 +0200] "USER
anonymous" 331 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "PASS
Wgpuser_at_home.com" 230 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
/pub/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
/public/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:18 +0200] "CWD
/pub/incoming/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
/incoming/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
/_vti_pvt/" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD /"
250 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "MKD
020707005736p" 550 -
pb211.wieliczka.sdi.tpnet.pl UNKNOWN ftp [07/Jul/2002:00:52:19 +0200] "CWD
/upload/" 550 - 

--
[harston][Another Linux User #221813]
----------------------------------------------------------------------
Wiesz, co zdarzylo sie dzisiaj? >>> http://link.interia.pl/f1606
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Jul 08 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos