Re: What's the tool?

[H C <keydet89 () YAHOO COM>]

Regardless of the tool used, I can confirm the rest of
your assumptions.  This is exactly the signature I've
seen in FTP logs I've dealt with over the past 8
months or so.  Same login password (guest () here com),
same attempts to create a directory.

And yes...this tool IS attempting to catalogue future
warez sites....

--- Sean Brown <srbrown () APPGEO COM> wrote:
> Greetings,
> I've been seeing a number of, apparently, automated
> scans for FTP.  When
> an FTP site is found, the tool logs on anonymously
> and attempts to
> create a directory in a couple of different places.
> If unsuccessful, it
> logs off.   The directory it tries to create is
> named for the date/time
> of the probe, i.e. 010320101054p for March 20, 2001,
> 10:10:54pm.  Below
> are some log excerpts showing the probe.  All it
> appears to be doing is
> looking for upload capabilities on anonymous FTP
> sites (future warez
> locations?).  The source locations for the probes
> hitting me have been
> France and Germany.  IP header signatures indicate
> that the tool may be
> Windows based.
>
> Does anyone know what this tool is?


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/