[ Home | Liste | F.A.Q. |
Risorse | Cerca... ]
[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]
[ Home | Liste | F.A.Q. |
Risorse | Cerca... ]
Archivio: Agosto 2002 ml@sikurezza.org Soggetto: RE: Worm ftp? Mittente: Filippo Balicchia Data: 12 Aug 2002 01:15:21 -0000
Vai su http://project.honeynet.org/scans/arch/scan8.txt e troverai tutte le risposte che ti servono. Ciao. -- Fix -----Original Message----- From: Pascal Brax [mailto:hihi@pascalbrax.com] Sent: venerd́ 2 agosto 2002 8.57 To: ml@sikurezza.org Subject: Worm ftp? E' da un po' che nei logs del mio ftp trovo entry di questo genere: Tue 30 Jul 2002 [00:59:37] 000006 USER anonymous Tue 30 Jul 2002 [00:59:37] 000006 User Guest connected, login : anonymous Tue 30 Jul 2002 [00:59:37] 000006 331 User login OK, waiting for password Tue 30 Jul 2002 [00:59:38] 000006 PASS ********** Tue 30 Jul 2002 [00:59:38] 000006 User Guest logged in successfully Tue 30 Jul 2002 [00:59:38] 000006 230 User password OK, CesarFTP server ready Tue 30 Jul 2002 [00:59:38] 000006 CWD / Tue 30 Jul 2002 [00:59:38] 000006 250 Directory change OK Tue 30 Jul 2002 [00:59:38] 000006 MKD 020729235941p Tue 30 Jul 2002 [00:59:38] 000006 550 "/020729235941p" File/Directory not found Tue 30 Jul 2002 [00:59:38] 000006 CWD /pub/ Tue 30 Jul 2002 [00:59:38] 000006 550 "/pub/" File/Directory not found Tue 30 Jul 2002 [00:59:38] 000006 CWD /public/ Tue 30 Jul 2002 [00:59:38] 000006 550 "/public/" File/Directory not found Tue 30 Jul 2002 [00:59:38] 000006 CWD /_vti_pvt/ Tue 30 Jul 2002 [00:59:38] 000006 550 "/_vti_pvt/" File/Directory not found Tue 30 Jul 2002 [00:59:38] 000006 CWD /_vti_txt/ Tue 30 Jul 2002 [00:59:38] 000006 550 "/_vti_txt/" File/Directory not found Tue 30 Jul 2002 [00:59:38] 000006 CWD /_vti_cfg/ Tue 30 Jul 2002 [00:59:38] 000006 550 "/_vti_cfg/" File/Directory not found Tue 30 Jul 2002 [00:59:38] 000006 CWD /_vti_log/ Tue 30 Jul 2002 [00:59:38] 000006 550 "/_vti_log/" File/Directory not found Tue 30 Jul 2002 [00:59:39] 000006 CWD /_vti_cnf/ Tue 30 Jul 2002 [00:59:39] 000006 550 "/_vti_cnf/" File/Directory not found Tue 30 Jul 2002 [00:59:39] 000006 CWD /_private/ Tue 30 Jul 2002 [00:59:39] 000006 550 "/_private/" File/Directory not found Tue 30 Jul 2002 [00:59:39] 000006 CWD /incoming/ Tue 30 Jul 2002 [00:59:39] 000006 550 "/incoming/" File/Directory not found Tue 30 Jul 2002 [00:59:39] 000006 CWD /pub/incoming/ Tue 30 Jul 2002 [00:59:39] 000006 550 "/pub/incoming/" File/Directory not found Tue 30 Jul 2002 [00:59:39] 000006 CWD /public/incoming/ Tue 30 Jul 2002 [00:59:39] 000006 550 "/public/incoming/" File/Directory not found Tue 30 Jul 2002 [00:59:39] 000006 CWD /public_html/ Tue 30 Jul 2002 [00:59:39] 000006 550 "/public_html/" File/Directory not found Tue 30 Jul 2002 [00:59:40] 000006 CWD /upload/ Tue 30 Jul 2002 [00:59:40] 000006 550 "/upload/" File/Directory not found Tue 30 Jul 2002 [00:59:40] 000006 CWD /wwwroot/ Tue 30 Jul 2002 [00:59:40] 000006 550 "/wwwroot/" File/Directory not found Tue 30 Jul 2002 [00:59:40] 000006 CWD /mailroot/ Tue 30 Jul 2002 [00:59:40] 000006 550 "/mailroot/" File/Directory not found Tue 30 Jul 2002 [00:59:40] 000006 CWD /ftproot/ Tue 30 Jul 2002 [00:59:40] 000006 550 "/ftproot/" File/Directory not found Tue 30 Jul 2002 [00:59:40] 000006 CWD /home/ Tue 30 Jul 2002 [00:59:40] 000006 550 "/home/" File/Directory not found Tue 30 Jul 2002 [00:59:40] 000006 CWD /images/ Tue 30 Jul 2002 [00:59:40] 000006 550 "/images/" File/Directory not found Tue 30 Jul 2002 [00:59:40] 000006 CWD /web/ Tue 30 Jul 2002 [00:59:40] 000006 550 "/web/" File/Directory not found Tue 30 Jul 2002 [00:59:41] 000006 CWD /www/ Tue 30 Jul 2002 [00:59:41] 000006 550 "/www/" File/Directory not found Tue 30 Jul 2002 [00:59:41] 000006 CWD /html/ Tue 30 Jul 2002 [00:59:41] 000006 550 "/html/" File/Directory not found Tue 30 Jul 2002 [00:59:41] 000006 CWD /cgi-bin/ Tue 30 Jul 2002 [00:59:41] 000006 550 "/cgi-bin/" File/Directory not found Tue 30 Jul 2002 [00:59:41] 000006 CWD /usr/ Tue 30 Jul 2002 [00:59:41] 000006 550 "/usr/" File/Directory not found Tue 30 Jul 2002 [00:59:41] 000006 CWD /usr/incoming/ Tue 30 Jul 2002 [00:59:41] 000006 550 "/usr/incoming/" File/Directory not found Tue 30 Jul 2002 [00:59:42] 000006 CWD /temp/ Tue 30 Jul 2002 [00:59:42] 000006 550 "/temp/" File/Directory not found Tue 30 Jul 2002 [00:59:42] 000006 CWD /~temp/ Tue 30 Jul 2002 [00:59:42] 000006 550 "/~temp/" File/Directory not found Tue 30 Jul 2002 [00:59:42] 000006 CWD /tmp/ Tue 30 Jul 2002 [00:59:42] 000006 550 "/tmp/" File/Directory not found Tue 30 Jul 2002 [00:59:42] 000006 CWD /~tmp/ Tue 30 Jul 2002 [00:59:42] 000006 550 "/~tmp/" File/Directory not found Tue 30 Jul 2002 [00:59:42] 000006 CWD /outgoing/ Tue 30 Jul 2002 [00:59:42] 000006 550 "/outgoing/" File/Directory not found Tue 30 Jul 2002 [00:59:42] 000006 CWD /anonymous/ Tue 30 Jul 2002 [00:59:42] 000006 250 Directory change OK Tue 30 Jul 2002 [00:59:42] 000006 MKD 020729235945p Tue 30 Jul 2002 [00:59:42] 000006 550 "/anonymous/020729235945p" Access denied Tue 30 Jul 2002 [00:59:42] 000006 CWD /anonymous/_vti_pvt/ Tue 30 Jul 2002 [00:59:42] 000006 550 "/anonymous/_vti_pvt/" File/Directory not found Tue 30 Jul 2002 [00:59:42] 000006 CWD /anonymous/_vti_cnf/ Tue 30 Jul 2002 [00:59:42] 000006 550 "/anonymous/_vti_cnf/" File/Directory not found Tue 30 Jul 2002 [00:59:43] 000006 CWD /anonymous/incoming/ Tue 30 Jul 2002 [00:59:43] 000006 550 "/anonymous/incoming/" File/Directory not found Tue 30 Jul 2002 [00:59:43] 000006 CWD /anonymous/pub/ Tue 30 Jul 2002 [00:59:43] 000006 550 "/anonymous/pub/" File/Directory not found Tue 30 Jul 2002 [00:59:43] 000006 CWD /anonymous/public/ Tue 30 Jul 2002 [00:59:43] 000006 550 "/anonymous/public/" File/Directory not found Entry del genere me ne arrivano minimo un paio al giorno... mi chiedevo, non e' che gira un worm tipo code red per gli ftpd, vero? ;) Una ricerca su google non ha dato nessun esito... qualcuno ne sa niente? ah, questo non c'entra niente, ma merita la palma per la entry piu' buffa: Tue 30 Jul 2002 [12:40:58] 000052 User connecting, IP:216.201.108.18 Tue 30 Jul 2002 [12:40:58] 000052 220-Pascal Brax NEW ftp daemon! Tue 30 Jul 2002 [12:40:58] 000052 USER anonymous Tue 30 Jul 2002 [12:40:58] 000052 User Guest connected, login : anonymous Tue 30 Jul 2002 [12:40:58] 000052 331 User login OK, waiting for password Tue 30 Jul 2002 [12:40:58] 000052 PASS ********** Tue 30 Jul 2002 [12:40:58] 000052 User Guest logged in successfully Tue 30 Jul 2002 [12:40:58] 000052 230 User password OK, CesarFTP server ready Tue 30 Jul 2002 [12:40:59] 000052 CWD ~root Tue 30 Jul 2002 [12:40:59] 000052 550 "~root" File/Directory not found Tue 30 Jul 2002 [12:40:59] 000052 QUIT Tue 30 Jul 2002 [12:40:59] 000052 221 Good Bye ________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List ________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
[ Home | Liste | F.A.Q. |
Risorse | Cerca... ]
www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005