Hosting Provided By

Re: ano@ano.com ftpd dip.t-dialin.net

From: Ralf G. R. Bergs <rabe(at)RWTH-Aachen.DE>
Date: Thu Nov 07 2002 - 02:54:47 EST

On Wed, 06 Nov 2002 16:50:13 -0500, Owen McCusker wrote:

[...]
>Has anyone else seen this type of activity from dip.t-dialin.net

Sure, I see it all day.

What they're trying to achieve is determine whether you have an "open" FTP server which allows them to store "warez" and download them again.

A simple countermeasure against this is to give files that are uploaded to your "incoming" directory permissions so that anonymous users can't access them anymore. You can even prohibit them from reading the directory's contents so that they don't even see which files are stored inside the directory.

-- 
   L I N U X       .~.
  The  Choice      /V\
   of a  GNU      /( )\
  Generation      ^^-^^



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Thu Nov 7 11:41:54 2002

This message: [ Message body ]
Next message: Skip Carter: "Re: ano@ano.com ftpd dip.t-dialin.net"
In reply to Owen McCusker: "ano@ano.com ftpd dip.t-dialin.net"
Next in thread: Dave Laird: "Re: ano@ano.com ftpd dip.t-dialin.net"
Reply: Dave Laird: "Re: ano@ano.com ftpd dip.t-dialin.net"
Reply: Rainer Duffner: "Re: ano@ano.com ftpd dip.t-dialin.net"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:50 EDT