Information from an FTP violation this weekend.

Smith, Rick rsmith at
Mon Apr 23 16:10:00 UTC 2001

Nanog; fyi.

APNIC / Excite / -

We have an ftp site running on that is made writable at
certain periods of time for anonymous users.  Some of our customer's systems
are programmed to send in bug reports, problem programs, etc at these times.
One of these periods of time was this past Friday (4/20/01) from 6pm EST to
Saturday afternoon at Noon.  In that time period, a couple of hundred megs
of movies / warez / crap was dropped onto the ftp site, and then the people
that were (I presume) loading up the site got cut off.

Not only did the violator from store illegal information on
our ftp site, they also deleted everything that existed.  Not anyone's fault
there but our own, and no problem since there were backups, but just fyi
that this stuff is happening out there from the reported networks.

Here's some information I collected from a .htaccess file in one of the
directories that these <insert explative here> left.

<Limit GET> 
order allow,deny 
deny from 141.201.222.
deny from 24.141.20.
deny from 24.141.36.
deny from 65.1.50.
.  Bunch of Denies
allow from  203.164.51.
deny from 203.164.3.
deny from 62.30.0.
.  Bunch of Denies
allow from all 

I run Portsentry on my FreeBSD firewall, which caught and denied this:
987814775 - 04/20/2001 20:59:35 Host: Port: 515 TCP

The swip info for the one allow statement in that htaccess file:

[root]# whois -h

Asia Pacific Network Information Center (APNIC2)
   These addresses have been further assigned to Asia-Pacific users.
   Contact info can be found in the APNIC database,
   Please do not send spam complaints to APNIC.

   Netname: APNIC-CIDR-BLK
   Netblock: -
   Maintainer: AP

Gee - go figure - a cable modem ween

[root]# whois -h

% Rights restricted by copyright. See

inetnum: -
netname:     ATHOME-AU-RIVRW-1
descr:       Infrastructure
country:     AU
admin-c:     HH85-AP
tech-c:      AI13-AP
mnt-by:      MAINT-AU-ATHOME
changed:     ipmgmt at 20000911
source:      APNIC

person:      Hostmaster Home Network Australia
address:     100 Harris Street
address:     Pyrmont
address:     NSW 2009
phone:       +61 2 9005 1000
fax-no:      +61 2 9005 1076
country:     AU
e-mail:      hostmaster at
nic-hdl:     HH85-AP
mnt-by:      MAINT-AU-ATHOME
changed:     judithh at 20000830
source:      APNIC

person:      ATHome-AU IP Mgmt
address:     450 Broadway Street
address:     Redwood City, CA 94063
address:     US
phone:       +1-800-872-3595
country:     AU
e-mail:      ipmgmt at excitehome.neet
nic-hdl:     AI13-AP
mnt-by:      MAINT-AU-ATHOME
changed:     judithh at 20000830
source:      APNIC

Rick Smith
Director of Technical Services 
Applied Tactical Systems 
(A division of Vertex Interactive, Inc.) 
<> --- <> 
(973) 808 - 1750 x382 

More information about the NANOG mailing list