Security Incidents mailing list archives
Re: scanning from WANADOO-CABLE-BD
From: "Abhi" <abhi_sri () subdimension com>
Date: Wed, 5 Jun 2002 00:21:53 +0900
These are Server-farms used by an audiogalaxy application. Essentially, they are trying to find writable ftp-servers on the net and trying to load illegal mp3s on your servers if it is found to have anonymous ftp enabled. It is an automated application. Don't bother contacting the ISP. They are doing it intentionally, and will ignore your mails. Just block the whole domain. And disable anonymous-ftp ofcourse. Regards, Abhi ----- Original Message ----- From: "Jon Nelson" <quincy () linuxnotes net> To: "Hugo van der Kooij" <hvdkooij () vanderkooij org> Cc: <incidents () securityfocus com> Sent: Tuesday, June 04, 2002 4:14 AM Subject: Re: scanning from WANADOO-CABLE-BD
My ftp server has been getting probed to see if it accepts anonymous
uploads
from ftp@.*wanadoo.fr. Specifically: 217.128.209.122 80.13.216.42 80.13.237.189 217.128.235.25 It appears to be a script checking: /images/: /_private/: /cgi-bin/: /usr/: /usr/incoming/: /home/: /public/: /pub/incoming/: /incoming/: /_vti_pvt/: /upload/: /home/: /temp/: /wwwroot/: /cgi-bin/: /cgibin/: /in/: /_vti_cnf/: /_vti_txt/: /_vti_log/: /anonymous/: /outgoing/: /tmp/: /mailroot/: /ftproot/: /images/: /_private/: /usr/: /public/incoming/: /anonymous/_vti_pvt/: /anonymous/incoming/: /anonymous/pub/: /anonymous/public/: /usr/incoming/: On 02/06/02 20:16 +0200, Hugo van der Kooij wrote:Hi, Did others notice intensive scans from: inetnum: 213.17.86.0 - 213.17.89.255 netname: WANADOO-CABLE-BD as well? Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.--------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com-- ----------------NOTE NEW EMAIL ADDRESS--------------------- Trooper Jon S. NELSON, Linux Certified Admin. (Sair/GNU) Pennsylvania State Police, Computer Crimes Unit Office: 610-344-4471 Page: 866-284-1603 (Toll Free) --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- scanning from WANADOO-CABLE-BD Hugo van der Kooij (Jun 02)
- Re: scanning from WANADOO-CABLE-BD Jon Nelson (Jun 03)
- Re: scanning from WANADOO-CABLE-BD Pieter-Bas IJdens (Jun 04)
- Re: scanning from WANADOO-CABLE-BD Abhi (Jun 04)
- <Possible follow-ups>
- RE: scanning from WANADOO-CABLE-BD Jonkman, Matthew A. (Jun 03)
- RE: scanning from WANADOO-CABLE-BD NESTING, DAVID M (SBCSI) (Jun 03)
- Re: scanning from WANADOO-CABLE-BD Jon Nelson (Jun 03)