[[Tfug] FTP Server]
Brad Becker
investmgmt at usa.net
Tue Dec 2 16:22:01 MST 2003
>Will tell you about some log entries in another post ...
Over the past few days verbose ftp logging is showing stuff like this:
Make directory command:
MKD 031202034938p
Change directory commands:
CWD /pub/
CWD /_vti_pvt/
CWD /_vti_txt/
CWD /wwwroot/
CWD /mailroot/
CWD /ftproot/
CWD /home/
CWD /~tmp/
CWD /anonymous/public
Lots of other commands, all denied.
They're coming from different IP's. Someone told me this is a known attack on
IIS servers (gotta love Msof$), broadcasted in many cases by unknowing pc
owners who haven't patched. He mentioned there are so many out there that are
infected and that most admins don't know it and don't care if they do know
it.
Does this sound right?
Brad Becker
------------------
XP2100+ @ 2.18ghz
Shuttle AK35GT2
512mb HyperX 3000
Elsa GF3 ti200
Other stuff
More information about the tfug
mailing list