Re: scanning from WANADOO-CABLE-BD

[Jon Nelson <quincy () linuxnotes net>]

My ftp server has been getting probed to see if it accepts anonymous uploads
from ftp@.*wanadoo.fr.  Specifically:

  217.128.209.122
  80.13.216.42
  80.13.237.189
  217.128.235.25

It appears to be a script checking:

/images/:
/_private/:
/cgi-bin/:
/usr/:
/usr/incoming/:
/home/:
/public/:
/pub/incoming/:
/incoming/:
/_vti_pvt/:
/upload/:
/home/:
/temp/:
/wwwroot/:
/cgi-bin/:
/cgibin/:
/in/:
/_vti_cnf/:
/_vti_txt/:
/_vti_log/:
/anonymous/:
/outgoing/:
/tmp/:
/mailroot/:
/ftproot/:
/images/:
/_private/:
/usr/:
/public/incoming/:
/anonymous/_vti_pvt/:
/anonymous/incoming/:
/anonymous/pub/:
/anonymous/public/:
/usr/incoming/:

On 02/06/02 20:16 +0200, Hugo van der Kooij wrote:
> Hi,
>
> Did others notice intensive scans from:
>       inetnum:      213.17.86.0 - 213.17.89.255
>       netname:      WANADOO-CABLE-BD
> as well?
>
>
> Hugo.
>
> -- 
> All email send to me is bound to the rules described on my homepage.
>     hvdkooij () vanderkooij org               http://hvdkooij.xs4all.nl/
>           Don't meddle in the affairs of sysadmins,
>           for they are subtle and quick to anger.
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com

-- 
----------------NOTE NEW EMAIL ADDRESS---------------------
Trooper Jon S. NELSON, Linux Certified Admin. (Sair/GNU)
Pennsylvania State Police, Computer Crimes Unit
Office:  610-344-4471
Page:  866-284-1603 (Toll Free)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com