[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewall-wizards
Subject:    [fw-wiz] [OT?] Anybody Recognize These Uploads?
From:       jseymour () LinxNet ! com (Jim Seymour)
Date:       2002-12-24 14:05:33
[Download RAW message or body]

Hi All,

Maybe kind of off-topic, maybe not.

My FTP server at home allows sand-boxed FTP uploads [1].  Occasionally
I see things in there with all-numeric filenames.  They seem to be some
kind of unidentified [2] data.  They're all the same size.  Here's
what's there currently:

$ ls -l [0-9]* 
-rw-rw-r--   1 ftp      ftp       104154 Dec 20 18:21 389.204
-rw-rw-r--   1 ftp      ftp       104154 Dec 21 09:27 449.833
-rw-rw-r--   1 ftp      ftp       104154 Dec 24 08:15 57.605
-rw-rw-r--   1 ftp      ftp       104154 Nov 29 13:30 689.279
-rw-rw-r--   1 ftp      ftp       104154 Dec 23 12:31 881.787

With one exception, these all came from dip.t-dialin.net space.  The
other came from gte.net space.  All users anon logged in as
"ano@ano.com."

I long ago disallowed FTP access by wanadoo.fr users due to wide-spread
FTP abuse from that space and poor abuse handling by wanadoo.fr.  I'm
wondering if this isn't the same kind of thing?

[1] FTP "incoming" directory is write-only.  Users can't even get a
    directory listing and file over-writes are prohibited.
[2] Unidentified by "file mumble"

Thanks,
Jim
-- 
Jim Seymour                  | PGP Public Key available at:
jseymour@LinxNet.com         | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]