[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-wizards
Subject: Re: What kind of ftp attack is this?
From: "Marcus J. Ranum" <mjr () nfr ! net>
Date: 1999-03-25 21:32:44
[Download RAW message or body]
>>> Mar 24 13:51:34 strip ftpd[2699]: refused PORT 0,1328 from 193.226.92.xxx
>>> Mar 24 13:51:49 strip ftpd[2703]: refused PORT 0,1331 from 193.226.92.xxx
Looks like someone using FTP bouncing to do a port scan.
This is why having FTP servers behind firewalls is a Bad Thing.
See
http://www.clark.net/pub/mjr/pubs/attck/sld052.htm
for a sketchy overview of FTP bouncing. You can extrapolate
bouncing to do all kind of stuff like scanning, denial of
service, etc.
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic