[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] slow, deliberate ftp probes

From: Greg <cobaltdude2002@xxxxxxxxx>
Subject: [WEB SECURITY] slow, deliberate ftp probes
Date: Wed, 16 Jul 2008 20:39:16 -0700 (PDT)

We host quite a few websites, and as an avid log watcher, I am curious if anyone else has noticed deliberate, meticulous but quiet FTP probes recently. For example, the "probes" seem to utilize a domain name as a user name - say, that we host "xyz.com" - the FTP probes use "xyz" as the user name, and only make one attempt at a time.

These "probes" occur at random time intervals and from a variety of IP's worldwide. And since the timimg is so random, it's hard to believe that is could be a bot. In fact, they are so random as to purposely not raise any red flags. In over 9 years of hosting, this is a first time I've ever seen anything so deliberate and meticulous.

Anyone else notice this?

Regards,
Cobaltdude


      

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

Follow-Ups:
- Re: [WEB SECURITY] slow, deliberate ftp probes
  - From: Bil Corry

Prev by Date: Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Next by Date: Re: [WEB SECURITY] slow, deliberate ftp probes
Previous by thread: [WEB SECURITY] Auditing mailing scripts for web app pentesters
Next by thread: Re: [WEB SECURITY] slow, deliberate ftp probes
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site