Network Security: Detailed info on Attempted FTP intrusion

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Attempted FTP intrusion

from [David Gillett] Network Security

[Permanent Link]

Subject:	Attempted FTP intrusion
Date:	Wed, 31 Jan 2007 09:43:22 -0800

  Around 4:45am(PST) this morning, a particular machine belonging to
a Korean advertising company ("VAAN") began connecting to our
public addresses on TCP port 21 (FTP).  (It may have spent some time 
earlier trying to connect to our DHCP ranges and getting dropped at
the border routers.)
  From about 7:50am(PST), it began to randomly try passwords to log
on as "Admin" or "Guest" to the various systems it had found.  None
of these login attempts had succeeded when I blocked inbound traffic 
from that address around 8:50am(PST).

  Although none of the login attempts succeeded, on some machines it 
also attempted to remove a directory named "sarcaxxo".  This links it
to incidents reported by other sites as far back as the beginning of
November 2006.  Nobody yet seems to know what's behind this.

David Gillett

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Tracking down random ICMP, Craig Chamberlain Re: Tracking down random ICMP, Kyle Maxwell Re: Tracking down random ICMP, Valdis . Kletnieks Re: Tracking down random ICMP, Jose Nazario Re: Tracking down random ICMP, Bojan Zdrnja Re: Tracking down random ICMP, Javier Fernández-Sanguino Re: Tracking down random ICMP, Valdis . Kletnieks Attempted FTP intrusion, David Gillett <= Re: Attempted FTP intrusion, Tillmann Werner

Previous by Date:	[Full-disclosure] 2007 Security OPUS CFP: Closed (Agenda included), Sharkey
Next by Date:	Re: Attempted FTP intrusion, Tillmann Werner
Previous by Thread:	Re: Tracking down random ICMP, Valdis . Kletnieks
Next by Thread:	Re: Attempted FTP intrusion, Tillmann Werner
Indexes:	[Date] [Thread] [Top] [All Lists]