Announcement

Collapse
No announcement yet.

Tired of getting ftp scanned

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Tired of getting ftp scanned

    Does anyone know what to do concerning ftp scanning.

    example of scanning attempt

    (000001) 23-05-2003 21:29:08 - (not logged in) (80.201.44.235) > sending welcome message.
    (000001) 23-05-2003 21:29:08 - (not logged in) (80.201.44.235) > 220 G6 FTP Server ready ...
    (000001) 23-05-2003 21:29:08 - (not logged in) (80.201.44.235) > USER anonymous
    (000001) 23-05-2003 21:29:08 - (not logged in) (80.201.44.235) > 331 Password required for anonymous.
    (000001) 23-05-2003 21:29:09 - (not logged in) (80.201.44.235) > PASS ********
    (000001) 23-05-2003 21:29:09 - (not logged in) (80.201.44.235) > 530 Login or Password incorrect.
    (000001) 23-05-2003 21:31:39 - (not logged in) (80.201.44.235) > 421 Connection timed-out !
    (000001) 23-05-2003 21:31:39 - (not logged in) (80.201.44.235) > disconnected.


    My server i unlisted (no domain registration). Its not listed in news groups/ websites other such places.

    This means that i generally get a script kiddy visit at least once a day.

    Should i contact på isp ?

    Should i contact the ip that the connect "appears" to come from ?

    Is there a general "police department" i can contact (im located in denmark europe) ?

  • #2
    How about I give you an ip of one of my honepots and you redirect the request to me and let me play with them

    Comment


    • #3
      Originally posted by streetpower
      How about I give you an ip of one of my honepots and you redirect the request to me and let me play with them
      If you don't inform them that they are being monitored you could be breaking the law, just be careful.
      [H]4 Life
      My next generation Front End is right on schedule.
      It will be done sometime in the next generation.
      I'm a lesbian too.
      I am for hire!

      Comment


      • #4
        looks like thats warez group scaners looking for people with open anonymous ftp sites so they can make public ftp sites.
        '98 Explorer Sport
        http://mp3car.zcentric.com (down atm)
        AMD 800mhz 192megs RAM 60gig hard drive 9 inch widescreen VGA
        80% done

        Comment


        • #5
          ban the ip, or report it
          -
          My cars
          -

          Comment


          • #6
            hijinks21: Im aware of that. I know that they have programs that automates the processes sp they just have to enter an ip range and the program will "attempt" them all. Im aware that this does not pose any major threat to an ftp server with a disabled anonymous account.

            Jol: Who do you report it to ? my isp ?, their isp ? someone else ? I havent complained about this kind of behaviour before ...

            Comment


            • #7
              tracert in command/cmd gives you the "hostmask" adress:
              235.44-201-80.adsl.skynet.be.
              go to skynet.be and report a "attack" along with the ip.
              -
              My cars
              -

              Comment


              • #8
                Simply put, forget about it. Nobody will care that someone *tried* to log into your FTP. If damage was done, then report it.
                If this guy starts hammering your FTP brute forcing logins, drop the whole IP block. Otherwise, you're wasting your energy.
                Don't Click

                Comment


                • #9
                  Yeah, why do you care? I get scanned 100+ times per day...
                  Player: Pentium 166MMX, Amptron 598LMR MB w/onboard Sound, Video, LAN, 10.2 Gig Fujitsu Laptop HD, Arise 865 DC-DC Converter, Lexan Case, Custom Software w/Voice Interface, MS Access Based Playlists
                  Car: 1986 Mazda RX-7 Turbo (highly modded), 1978 RX-7 Beater (Dead, parting out), 2001 Honda Insight
                  "If one more body-kitted, cut-spring-lowered, farty-exhausted Civic revs on me at an intersection, I swear I'm going to get out of my car and cram their ridiculous double-decker aluminium wing firmly up their rump."

                  Comment


                  • #10
                    JOL: Your're proberbly right, but their page is entirely in their native language, and i only understand approx 30 % of it.

                    Aaron: Do you think getting scanned several times a day is ok. if this was your car 100+ people would check if your doors was locked. That would on the shere principle annoy the living **** out of me. Admittably this is just a software system, i hold nothing of value in it, but i still hate the fact the people continously check my security.

                    I think i will check with my ISP, and what ever they say goes.

                    Comment


                    • #11
                      Originally posted by frodobaggins
                      If you don't inform them that they are being monitored you could be breaking the law, just be careful.
                      Hate to make the point that they've tried to have a go at you first, so it's ratehr unlikely they are going to report anything.

                      It's also unlikely however that someone scanning for hosting warez etc is going to be using their own PC and IP for the task, more likely to have taken control of some sucker on AOL broadband

                      Comment


                      • #12
                        I'd be willing to bet that 10+ people a day check to see if my car is locked...

                        But really, who cares if someone scans your PC? I mean, it's not like it's taking a major amount of bandwidth or CPU time. And EVERY SINGLE COMPUTER that is connected to the Internet is continuously scanned anyway....
                        Player: Pentium 166MMX, Amptron 598LMR MB w/onboard Sound, Video, LAN, 10.2 Gig Fujitsu Laptop HD, Arise 865 DC-DC Converter, Lexan Case, Custom Software w/Voice Interface, MS Access Based Playlists
                        Car: 1986 Mazda RX-7 Turbo (highly modded), 1978 RX-7 Beater (Dead, parting out), 2001 Honda Insight
                        "If one more body-kitted, cut-spring-lowered, farty-exhausted Civic revs on me at an intersection, I swear I'm going to get out of my car and cram their ridiculous double-decker aluminium wing firmly up their rump."

                        Comment


                        • #13
                          I'm with Aaron. I work for an ISP (A big one) and when we get abuse cases like this we really don't to anything about it. We really CAN'T do anything about it. Most intenet IP addresses are assigned dynamically so the person who scans today may not be the person who uses the IP address tomorrow.

                          As a matter of fact, we got in trouble with one of our backbone providers for Black-Listing an IP scope. They claimed we were denying users access to our network. Which is true, but against the terms of our contract. So we had to delete the Black List.

                          Comment


                          • #14
                            since i put FTP server on another port i have no more problems with those scanners lol
                            simply put it on for ex. port 2021 or such.
                            =>> Carpc Version2 -- Epia M 10K based<<=
                            ::Epia M10k,7"VGA/40GB2.5",GPS,Opus90W ::
                            ::trying to build second low cost carpc::
                            ::Automp3.de :: CAR= Renault Clio2 - 2 seats 1.9D

                            Comment


                            • #15
                              Hi

                              Try to run ad-aware, if you computer have a traking cooki or somthing, it will find it.

                              You can also ban the IP in G6.
                              M10000,256 DDR,80 Gb, PCI TV/Radio, D-Link Radio, PCI Audigy 2, Opus 150W, BU-301, Bluetooth, Wifi, Lilliput 7" Touch, Ifree RF Keyborad, USB 2.0 HUB, 2 Amps 600w 4 ch - 620w 2 ch, 6*9" 4-way(rear), 12" Alpine (Sub), 4" 3 way(front), center missing.

                              Comment

                              Working...
                              X