From: David Lucas <david@xxxxxxxxxxxxxxxx>
Reply-To: cobalt-security@xxxxxxxxxxxxxxx
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] Is this coincidence or what - FTP Scans
Date: Tue, 16 Oct 2001 23:16:08 -0500
At 10:46 PM 10/16/2001, you wrote:
>(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous
>(Login failed): Can't find user. Oct 16 04:40:59 ns
>proftpd[3308]: xxxxxxxxxx
>(pD9526130.dip.t-dialin.net[217.82.97.48]) - USER anonymous
>(Login failed): Can't find user. Oct 16 04:40:59 ns
>proftpd[3305]: xxxxxxxxxx
This is the same IP and Network that scans my raq4r on a daily basis.
Perhaps they like scanning and attempting ftp login on Aussies and
Kiwi's.
I have not had any malicious damage from them (that I can see)
Regards (from Australia)
Tim Lawson
The two most common I see are dip.t-dialin.net and abo.wanadoo.fr
I get some of the same ips and some different. But them over and over.
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security