myNetWatchman KnowledgeBase
Pooling knowledge to secure the internet.
The following trace appears to have been generated by an automated script looking for FTP servers that allow anonymous uploads.
BTW: 'Wgpuser@home.com' is no longer a valid email address, and we suspect it was arbitrarily selected by the attacker.
No. Time Source Destination Protocol Info
26 2002-04-20 13:02:13.4979 65.92.56.164 64.xxx.xxx.xxx TCP 2855 > ftp [SYN] Seq=6570032 Ack=0 Win=5840 Len=0
27 2002-04-20 13:02:13.4994 64.xxx.xxx.xxx 65.92.56.164 TCP ftp > 2855 [SYN, ACK] Seq=1986597740 Ack=6570033 Win=16968 Len=0
28 2002-04-20 13:02:13.5049 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 220 Microsoft FTP Service (Version 5.0).
29 2002-04-20 13:02:13.5664 65.92.56.164 64.xxx.xxx.xxx TCP 2855 > ftp [ACK] Seq=6570033 Ack=1986597741 Win=5840 Len=0
30 2002-04-20 13:02:13.7312 65.92.56.164 64.xxx.xxx.xxx TCP 2855 > ftp [ACK] Seq=6570033 Ack=1986597790 Win=5791 Len=0
31 2002-04-20 13:02:13.8291 65.92.56.164 64.xxx.xxx.xxx FTP Request: USER anonymous
32 2002-04-20 13:02:13.8304 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 331 Anonymous access allowed, send identity (e-mail name) as password.
33 2002-04-20 13:02:14.1761 65.92.56.164 64.xxx.xxx.xxx FTP Request: PASS Wgpuser@home.com
34 2002-04-20 13:02:14.1783 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 230 Anonymous user logged in.
35 2002-04-20 13:02:14.4994 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /pub/
36 2002-04-20 13:02:14.5010 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 250 CWD command successful.
37 2002-04-20 13:02:14.6056 65.92.56.164 64.xxx.xxx.xxx FTP Request: MKD 020420131736p
38 2002-04-20 13:02:14.6298 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 020420131736p: Access is denied.
39 2002-04-20 13:02:14.7249 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /public/
40 2002-04-20 13:02:14.7266 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /public: The system cannot find the file specified.
41 2002-04-20 13:02:14.8732 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /pub/incoming/
42 2002-04-20 13:02:14.9670 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /pub/incoming: Access is denied.
43 2002-04-20 13:02:15.0453 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /incoming/
44 2002-04-20 13:02:15.0470 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /incoming: The system cannot find the file specified.
45 2002-04-20 13:02:15.1198 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /_vti_pvt/
46 2002-04-20 13:02:15.1214 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /_vti_pvt: The system cannot find the file specified.
47 2002-04-20 13:02:15.1965 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /
48 2002-04-20 13:02:15.1980 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 250 CWD command successful.
49 2002-04-20 13:02:15.2735 65.92.56.164 64.xxx.xxx.xxx FTP Request: MKD 020420131737p
50 2002-04-20 13:02:15.2750 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 020420131737p: Access is denied.
51 2002-04-20 13:02:15.3475 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /upload/
52 2002-04-20 13:02:15.4638 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /upload: The system cannot find the file specified.
53 2002-04-20 13:02:15.5357 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /ftproot/
54 2002-04-20 13:02:15.5384 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /ftproot: The system cannot find the file specified.
55 2002-04-20 13:02:15.6125 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /_vti_cnf/
56 2002-04-20 13:02:15.6142 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /_vti_cnf: The system cannot find the file specified.
57 2002-04-20 13:02:15.7178 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /cgi-bin/
58 2002-04-20 13:02:15.7194 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /cgi-bin: The system cannot find the file specified.
59 2002-04-20 13:02:15.7902 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /usr/
60 2002-04-20 13:02:15.7917 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /usr: The system cannot find the file specified.
61 2002-04-20 13:02:15.8830 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /usr/incoming/
62 2002-04-20 13:02:15.8847 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /usr/incoming: The system cannot find the path specified.
63 2002-04-20 13:02:15.9573 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /images/
64 2002-04-20 13:02:15.9590 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /images: The system cannot find the file specified.
65 2002-04-20 13:02:16.0316 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /wwwroot/
66 2002-04-20 13:02:16.0332 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /wwwroot: The system cannot find the file specified.
67 2002-04-20 13:02:16.1056 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /_vti_log/
68 2002-04-20 13:02:16.1073 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /_vti_log: The system cannot find the file specified.
69 2002-04-20 13:02:16.1826 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /home/
70 2002-04-20 13:02:16.1843 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /home: The system cannot find the file specified.
71 2002-04-20 13:02:16.2564 65.92.56.164 64.xxx.xxx.xxx TCP 2855 > ftp [FIN, ACK] Seq=6570342 Ack=1986598834 Win=4747 Len=0
72 2002-04-20 13:02:16.2579 64.xxx.xxx.xxx 65.92.56.164 TCP ftp > 2855 [ACK] Seq=1986598834 Ack=6570343 Win=16659 Len=0
73 2002-04-20 13:02:16.2582 64.xxx.xxx.xxx 65.92.56.164 TCP ftp > 2855 [FIN, ACK] Seq=1986598834 Ack=6570343 Win=16659 Len=0
74 2002-04-20 13:02:16.2616 65.92.56.164 64.xxx.xxx.xxx TCP 2855 > ftp [RST] Seq=6570343 Ack=1986598834 Win=0 Len=0
75 2002-04-20 13:02:16.3264 65.92.56.164 64.xxx.xxx.xxx TCP 2855 > ftp [RST] Seq=6570343 Ack=6570343 Win=0 Len=0
76 2002-04-20 13:02:16.3306 65.92.56.164 64.xxx.xxx.xxx TCP 2855 > ftp [RST] Seq=6570343 Ack=6570343 Win=0 Len=0
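
The pattern in this trace (anonymous login, a run of CWD attempts against common directory names, and MKD tests for write access) can be flagged from an exported capture. The following is an added example, not part of the original page: the function names, the min_dirs threshold and the 192.0.2.10 session are assumptions, and 257 is the standard FTP reply to a successful MKD.

```python
import re
from collections import defaultdict

# FTP frames copied from the trace above (31-42, abridged); the 192.0.2.10
# session is constructed, a benign anonymous visit included for contrast.
TRACE = """\
31 2002-04-20 13:02:13.8291 65.92.56.164 64.xxx.xxx.xxx FTP Request: USER anonymous
34 2002-04-20 13:02:14.1783 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 230 Anonymous user logged in.
35 2002-04-20 13:02:14.4994 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /pub/
37 2002-04-20 13:02:14.6056 65.92.56.164 64.xxx.xxx.xxx FTP Request: MKD 020420131736p
38 2002-04-20 13:02:14.6298 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 020420131736p: Access is denied.
39 2002-04-20 13:02:14.7249 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /public/
40 2002-04-20 13:02:14.7266 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /public: The system cannot find the file specified.
41 2002-04-20 13:02:14.8732 65.92.56.164 64.xxx.xxx.xxx FTP Request: CWD /pub/incoming/
42 2002-04-20 13:02:14.9670 64.xxx.xxx.xxx 65.92.56.164 FTP Response: 550 /pub/incoming: Access is denied.
90 2002-04-20 13:05:00.0000 192.0.2.10 64.xxx.xxx.xxx FTP Request: USER anonymous
91 2002-04-20 13:05:01.0000 192.0.2.10 64.xxx.xxx.xxx FTP Request: CWD /pub/
"""

LINE = re.compile(r"^\d+ \S+ \S+ (\S+) (\S+) FTP (Request|Response): (\S+) ?(.*)$")

def summarize(trace):
    """Per-client view of anonymous logins, CWD targets, MKD attempts and replies."""
    stats = defaultdict(lambda: {"anon": False, "cwd": set(), "mkd": 0, "mkd_ok": 0, "denied": 0})
    last = {}  # client -> last command sent, to pair a reply with its request
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # TCP handshake/teardown lines carry no FTP command
        src, dst, kind, word, rest = m.groups()
        if kind == "Request":
            s, last[src] = stats[src], word.upper()
            if last[src] == "USER" and rest.lower() == "anonymous":
                s["anon"] = True
            elif last[src] == "CWD":
                s["cwd"].add(rest)
            elif last[src] == "MKD":
                s["mkd"] += 1
        elif word == "550":  # replies are addressed to the client (dst)
            stats[dst]["denied"] += 1
        elif word == "257" and last.get(dst) == "MKD":  # 257 = directory created
            stats[dst]["mkd_ok"] += 1
    return stats

def upload_probes(trace, min_dirs=3):
    """Clients that logged in anonymously, tried MKD and walked >= min_dirs paths."""
    return {c: ("writable" if s["mkd_ok"] else "refused")
            for c, s in summarize(trace).items()
            if s["anon"] and s["mkd"] and len(s["cwd"]) >= min_dirs}
```

A "writable" verdict means the server accepted an anonymous MKD and its upload permissions need review; "refused" means the probe was blocked, as it was in this trace.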