[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-wizards
Subject: [fw-wiz] [OT?] Anybody Recognize These Uploads?
From: jseymour () LinxNet ! com (Jim Seymour)
Date: 2002-12-24 14:05:33
[Download RAW message or body]
Hi All,
Maybe kind of off-topic, maybe not.
My FTP server at home allows sand-boxed FTP uploads [1]. Occasionally
I see things in there with all-numeric filenames. They seem to be some
kind of unidentified [2] data. They're all the same size. Here's
what's there currently:
$ ls -l [0-9]*
-rw-rw-r-- 1 ftp ftp 104154 Dec 20 18:21 389.204
-rw-rw-r-- 1 ftp ftp 104154 Dec 21 09:27 449.833
-rw-rw-r-- 1 ftp ftp 104154 Dec 24 08:15 57.605
-rw-rw-r-- 1 ftp ftp 104154 Nov 29 13:30 689.279
-rw-rw-r-- 1 ftp ftp 104154 Dec 23 12:31 881.787
With one exception, these all came from dip.t-dialin.net space. The
other came from gte.net space. All users anon logged in as
"ano@ano.com."
I long ago disallowed FTP access by wanadoo.fr users due to wide-spread
FTP abuse from that space and poor abuse handling by wanadoo.fr. I'm
wondering if this isn't the same kind of thing?
[1] FTP "incoming" directory is write-only. Users can't even get a
directory listing and file over-writes are prohibited.
[2] Unidentified by "file mumble"
Thanks,
Jim
--
Jim Seymour | PGP Public Key available at:
jseymour@LinxNet.com | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com |
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic