Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Tired of getting ftp scanned

  1. #1
    Variable Bitrate
    Join Date
    Nov 1999
    Location
    Ishoej, Denmark
    Posts
    310

    Tired of getting ftp scanned

    Does anyone know what to do concerning ftp scanning.

    example of scanning attempt

    (000001) 23-05-2003 21:29:08 - (not logged in) (80.201.44.235) > sending welcome message.
    (000001) 23-05-2003 21:29:08 - (not logged in) (80.201.44.235) > 220 G6 FTP Server ready ...
    (000001) 23-05-2003 21:29:08 - (not logged in) (80.201.44.235) > USER anonymous
    (000001) 23-05-2003 21:29:08 - (not logged in) (80.201.44.235) > 331 Password required for anonymous.
    (000001) 23-05-2003 21:29:09 - (not logged in) (80.201.44.235) > PASS ********
    (000001) 23-05-2003 21:29:09 - (not logged in) (80.201.44.235) > 530 Login or Password incorrect.
    (000001) 23-05-2003 21:31:39 - (not logged in) (80.201.44.235) > 421 Connection timed-out !
    (000001) 23-05-2003 21:31:39 - (not logged in) (80.201.44.235) > disconnected.


    My server i unlisted (no domain registration). Its not listed in news groups/ websites other such places.

    This means that i generally get a script kiddy visit at least once a day.

    Should i contact på isp ?

    Should i contact the ip that the connect "appears" to come from ?

    Is there a general "police department" i can contact (im located in denmark europe) ?

  2. #2
    Newbie
    Join Date
    Aug 2002
    Location
    Dallas - Tx
    Posts
    52
    How about I give you an ip of one of my honepots and you redirect the request to me and let me play with them

  3. #3
    I'm sorry, and you are....? frodobaggins's Avatar
    Join Date
    Jan 2003
    Location
    Ruston, LA
    Posts
    8,846
    Originally posted by streetpower
    How about I give you an ip of one of my honepots and you redirect the request to me and let me play with them
    If you don't inform them that they are being monitored you could be breaking the law, just be careful.
    [H]4 Life
    My next generation Front End is right on schedule.
    It will be done sometime in the next generation.
    I'm a lesbian too.
    I am for hire!

  4. #4
    Raw Wave hijinks21's Avatar
    Join Date
    May 2002
    Location
    Albany, NY
    Posts
    1,803
    looks like thats warez group scaners looking for people with open anonymous ftp sites so they can make public ftp sites.
    '98 Explorer Sport
    http://mp3car.zcentric.com (down atm)
    AMD 800mhz 192megs RAM 60gig hard drive 9 inch widescreen VGA
    80% done

  5. #5
    jol
    jol is offline
    FLAC jol's Avatar
    Join Date
    Jan 2002
    Location
    Mellansel, Sweden
    Posts
    1,299
    ban the ip, or report it

  6. #6
    Variable Bitrate
    Join Date
    Nov 1999
    Location
    Ishoej, Denmark
    Posts
    310
    hijinks21: Im aware of that. I know that they have programs that automates the processes sp they just have to enter an ip range and the program will "attempt" them all. Im aware that this does not pose any major threat to an ftp server with a disabled anonymous account.

    Jol: Who do you report it to ? my isp ?, their isp ? someone else ? I havent complained about this kind of behaviour before ...

  7. #7
    jol
    jol is offline
    FLAC jol's Avatar
    Join Date
    Jan 2002
    Location
    Mellansel, Sweden
    Posts
    1,299
    tracert in command/cmd gives you the "hostmask" adress:
    235.44-201-80.adsl.skynet.be.
    go to skynet.be and report a "attack" along with the ip.

  8. #8
    FLAC Gutter's Avatar
    Join Date
    Dec 1999
    Location
    Casina, Italy
    Posts
    901
    Simply put, forget about it. Nobody will care that someone *tried* to log into your FTP. If damage was done, then report it.
    If this guy starts hammering your FTP brute forcing logins, drop the whole IP block. Otherwise, you're wasting your energy.

  9. #9
    Retired Admin Aaron Cake's Avatar
    Join Date
    Jan 2000
    Location
    London, Ontario, Canada
    Posts
    2,464
    Yeah, why do you care? I get scanned 100+ times per day...
    Player: Pentium 166MMX, Amptron 598LMR MB w/onboard Sound, Video, LAN, 10.2 Gig Fujitsu Laptop HD, Arise 865 DC-DC Converter, Lexan Case, Custom Software w/Voice Interface, MS Access Based Playlists
    Car: 1986 Mazda RX-7 Turbo (highly modded), 1978 RX-7 Beater (Dead, parting out), 2001 Honda Insight
    "If one more body-kitted, cut-spring-lowered, farty-exhausted Civic revs on me at an intersection, I swear I'm going to get out of my car and cram their ridiculous double-decker aluminium wing firmly up their rump."

  10. #10
    Variable Bitrate
    Join Date
    Nov 1999
    Location
    Ishoej, Denmark
    Posts
    310
    JOL: Your're proberbly right, but their page is entirely in their native language, and i only understand approx 30 % of it.

    Aaron: Do you think getting scanned several times a day is ok. if this was your car 100+ people would check if your doors was locked. That would on the shere principle annoy the living **** out of me. Admittably this is just a software system, i hold nothing of value in it, but i still hate the fact the people continously check my security.

    I think i will check with my ISP, and what ever they say goes.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •