[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Is this coincidence or what - FTP Scans
- Subject: RE: [cobalt-security] Is this coincidence or what - FTP Scans
- From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Wed, 17 Oct 2001 10:39:46 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Simon Wilson wrote:
> I also get a lot of scans and most ftp connections from
> dip.t-dialin.net and wanadoo. If this is widespread, can
> we not collectively do something about it? Both
> dip.t-dialin.net and wanadoo ignore (or at least
> don't acknowledge) reports of this, even if you complain
> that they are repeated attempts (I don't bother with
> reporting unless the offender repeatedly does it).
It's all automated. Welcome to the land of broadband - Deutsche Telekom and
many other European providers have gone for ADSL in a big way, and sadly
there are a lot of leeches out there who are making damn good use of it.
There's a program kicking around - I forget what it's called - which scans
netblocks for FTP, attempts anonymous connections, if it gets one it
immediately tries a one or two megabyte upload and again, if successful it
reports back into a table with all the speeds.
The operator then picks a machine and uploads all manner of crap to it -
DivX/VCD videos, porn, W4r3z and so on. They then 'privately' advertise this
to other leeches over IRC and suddenly: BOOM - your data transfer goes
through the roof.
It affects Windows machines running IIS FTP service mainly, because
out-of-the-box it has Anonymous access enabled. Out-of-the-box, the default
FTPRoot directory is world writeable. You work it out ;-)
Just ignore it. Or at least, grow to tolerate it, because you'll be seeing
more of it in future :(
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC