On Thu, 5 Jul 2001, Ken McKinlay wrote:
> It looks like you were initially probed by Grim's Ping. The tool can
> be found at http://grimsping.cjb.net/. I ran into it about 7 months
> ago and set up a blocker on our FTP site to prevent logins using
> [EMAIL PROTECTED] The tool basically searches for writable and readable
> areas on FTP sites.
is that the only block you did? remind me to change the login to something
different to get past your check. :P
like any eploit or vulnerability, its easy to identify one simple thing
and block on it, ie a login name ([EMAIL PROTECTED]). thats not security,
though. the right fix is to kill anonymous uploads (and retrievals, if you
need a drop point make it write only, no reads), mkdir for anonymous
folks, etc ...
thats the problem. we see this on lots of FTP servers, various forms of it
(ie TEST345 dir creation and tatging etc ...). its just warez pups.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
