[Dshield] FTP Server Heads Up

David Cary Hart DShield at TQMcube.com
Mon Aug 15 16:43:40 GMT 2005

This could be an exploit. I am seeing a number of the following (four or
five per day):

        ALyon-152-1-8-172.w83-197.abo.wanadoo.fr ftp
        [15/Aug/2005:12:05:52 +0000] "MKD 050815140458p" 550 -
        ALyon-152-1-8-172.w83-197.abo.wanadoo.fr ftp
        [15/Aug/2005:12:05:53 +0000] "MKD 050815140459p" 550 -

The host changes and the directory name reflects the date but the scheme
is the same. For example:

        39.20.102-84.rev.gaoland.net ftp [14/Aug/2005:11:51:25 +0000]
        "MKD 050814135128p" 550 -
        39.20.102-84.rev.gaoland.net ftp [14/Aug/2005:11:51:29 +0000]
        "MKD 050814135132p" 550 -

Tired of spam? Do YOUR part: http://www.BoulderPledge.org
Our DNSRBL - Eliminate Spam: http://www.TQMcube.com/spam_trap.htm
              RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
                    Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm

More information about the list mailing list