Simon Wilson wrote: > I also get a lot of scans and most ftp connections from > dip.t-dialin.net and wanadoo. If this is widespread, can > we not collectively do something about it? Both > dip.t-dialin.net and wanadoo ignore (or at least > don't acknowledge) reports of this, even if you complain > that they are repeated attempts (I don't bother with > reporting unless the offender repeatedly does it).
It's all automated. Welcome to the land of broadband - Deutsche Telekom and many other European providers have gone for ADSL in a big way, and sadly there are a lot of leeches out there who are making damn good use of it. There's a program kicking around - I forget what it's called - which scans netblocks for FTP, attempts anonymous connections, if it gets one it immediately tries a one or two megabyte upload and again, if successful it reports back into a table with all the speeds. The operator then picks a machine and uploads all manner of crap to it - DivX/VCD videos, porn, W4r3z and so on. They then 'privately' advertise this to other leeches over IRC and suddenly: BOOM - your data transfer goes through the roof. It affects Windows machines running IIS FTP service mainly, because out-of-the-box it has Anonymous access enabled. Out-of-the-box, the default FTPRoot directory is world writeable. You work it out ;-) Just ignore it. Or at least, grow to tolerate it, because you'll be seeing more of it in future :( Graeme -- Graeme Fowler System Administrator Host Europe Group PLC _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
