Yep, here it is: http://xforce.iss.net/static/7126.php
----- Original Message ----- From: "Kutulu" <[EMAIL PROTECTED]> To: "Lorenz Inglin" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, October 01, 2001 1:25 PM Subject: Re: Increasing amount of ftp 'anonymous' attempts > At 07:57 PM 10/01/2001 +0200, Lorenz Inglin wrote: > > >Since a few days I can see an increasing number of attempts to connect to my > >ftp-server as anonymous user (which of course is rejected). Different > >sources from all over the world. Is there an actual worm/exploit/other issue > >for ftp servers (I run proftp 1.2.1) or any idea why suddenly the attempts > >are increasing? Anything to be worried about? > > There are issues with older versions of proftpd and wu-ftp. They are > several months old by this point, but that never stops the script kiddies > from scanning for them. Mostly this manifests itself as portscans on port > 21, but I've also recently seen huge numbers of attempts to log on as > various non-existant or anonymous accounts. Our MIS department recently > claimed there was an exploit out for the FTP service that bundles with IIS > 4 and IIS 5, but I haven't seen any information on that anywhere. The > recent change it FTP attack patterns may be related. > > Assuming you kept up with the CERT advisories for proftpd, it's probably > nothing to worry about. Of course, that doesn't mean you can't drop a > friendly notice to the ISP(s) involved, but I wouldn't expect a whole lot > of action to be taken against users trying to log into an FTP server as the > standard anonymous user. > > --K > > >
