|
Security Incidents
mailing list archives
Re: scanning from WANADOO-CABLE-BD
From: Jon Nelson <quincy () linuxnotes net>
Date: Mon, 3 Jun 2002 15:14:04 -0400
My ftp server has been getting probed to see if it accepts anonymous uploads
from ftp () *wanadoo fr Specifically:
217.128.209.122
80.13.216.42
80.13.237.189
217.128.235.25
It appears to be a script checking:
/images/:
/_private/:
/cgi-bin/:
/usr/:
/usr/incoming/:
/home/:
/public/:
/pub/incoming/:
/incoming/:
/_vti_pvt/:
/upload/:
/home/:
/temp/:
/wwwroot/:
/cgi-bin/:
/cgibin/:
/in/:
/_vti_cnf/:
/_vti_txt/:
/_vti_log/:
/anonymous/:
/outgoing/:
/tmp/:
/mailroot/:
/ftproot/:
/images/:
/_private/:
/usr/:
/public/incoming/:
/anonymous/_vti_pvt/:
/anonymous/incoming/:
/anonymous/pub/:
/anonymous/public/:
/usr/incoming/:
On 02/06/02 20:16 +0200, Hugo van der Kooij wrote:
Hi,
Did others notice intensive scans from:
inetnum: 213.17.86.0 - 213.17.89.255
netname: WANADOO-CABLE-BD
as well?
Hugo.
--
All email send to me is bound to the rules described on my homepage.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
--
----------------NOTE NEW EMAIL ADDRESS---------------------
Trooper Jon S. NELSON, Linux Certified Admin. (Sair/GNU)
Pennsylvania State Police, Computer Crimes Unit
Office: 610-344-4471
Page: 866-284-1603 (Toll Free)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
| 
Intro
