Information from an FTP violation this weekend.
Stephen J. Wilcox
steve at opaltelecom.co.uk
Mon Apr 23 16:19:24 UTC 2001
And I thought the Internet was such a friendly, welcoming
environment.. maybe I should remove all my telnet guest logins from my
servers and remove my credit card number from my homepage..
Steve
On Mon, 23 Apr 2001, Smith, Rick wrote:
>
>
> Nanog; fyi.
>
> APNIC / Excite / Home.net -
>
> We have an ftp site running on 209.123.52.40 that is made writable at
> certain periods of time for anonymous users. Some of our customer's systems
> are programmed to send in bug reports, problem programs, etc at these times.
> One of these periods of time was this past Friday (4/20/01) from 6pm EST to
> Saturday afternoon at Noon. In that time period, a couple of hundred megs
> of movies / warez / crap was dropped onto the ftp site, and then the people
> that were (I presume) loading up the site got cut off.
>
> Not only did the violator from 203.164.51.0/24 store illegal information on
> our ftp site, they also deleted everything that existed. Not anyone's fault
> there but our own, and no problem since there were backups, but just fyi
> that this stuff is happening out there from the reported networks.
>
> Here's some information I collected from a .htaccess file in one of the
> directories that these <insert expletive here> left.
>
> <Limit GET>
> order allow,deny
> deny from 141.201.222.
> deny from 24.141.20.
> deny from 24.141.36.
> deny from 65.1.50.
> .
> . Bunch of Denies
> .
> allow from 203.164.51.
> deny from 203.164.3.
> deny from 62.30.0.
> .
> . Bunch of Denies
> .
> allow from all
> </Limit>
>
>
>
> I run Portsentry on my FreeBSD firewall, which caught and denied this:
> 987814775 - 04/20/2001 20:59:35 Host: www.uov.net/209.37.153.6 Port: 515 TCP Blocked
>
>
> The swip info for the one allow statement in that htaccess file:
>
> [root]# whois -h whois.arin.net 203.164.51.0
>
> Asia Pacific Network Information Center (APNIC2)
> These addresses have been further assigned to Asia-Pacific users.
> Contact info can be found in the APNIC database,
> at WHOIS.APNIC.NET or http://www.apnic.net/
> Please do not send spam complaints to APNIC.
> AU
>
> Netname: APNIC-CIDR-BLK
> Netblock: 202.0.0.0 - 203.255.255.255
> Maintainer: AP
>
>
> Gee - go figure - a cable modem ween
>
> [root]# whois -h whois.apnic.net 203.164.51.0
>
> % Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html
>
> inetnum: 203.164.48.0 - 203.164.51.255
> netname: ATHOME-AU-RIVRW-1
> descr: Infrastructure
> country: AU
> admin-c: HH85-AP
> tech-c: AI13-AP
> mnt-by: MAINT-AU-ATHOME
> changed: ipmgmt at excitehome.net 20000911
> source: APNIC
>
> person: Hostmaster Home Network Australia
> address: 100 Harris Street
> address: Pyrmont
> address: NSW 2009
> phone: +61 2 9005 1000
> fax-no: +61 2 9005 1076
> country: AU
> e-mail: hostmaster at homenetwork.com.au
> nic-hdl: HH85-AP
> mnt-by: MAINT-AU-ATHOME
> changed: judithh at corp.home.net 20000830
> source: APNIC
>
> person: ATHome-AU IP Mgmt
> address: 450 Broadway Street
> address: Redwood City, CA 94063
> address: US
> phone: +1-800-872-3595
> country: AU
> e-mail: ipmgmt at excitehome.neet
> nic-hdl: AI13-AP
> mnt-by: MAINT-AU-ATHOME
> changed: judithh at corp.home.net 20000830
> source: APNIC
>
>
>
> Thanks,
> Rick Smith
> Director of Technical Services
> Applied Tactical Systems
> (A division of Vertex Interactive, Inc.)
> <http://www.atsworld.com> --- <http://www.vertexinteractive.com>
> (973) 808 - 1750 x382
>
>
>
--
Stephen J. Wilcox
IP Services Manager, Opal Telecom
http://www.opaltelecom.co.uk/
Tel: 0161 222 2000
Fax: 0161 222 2008
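
An added example, not part of the original messages: a small Python evaluator for the visible rules of the quoted .htaccess, using Apache's `Order allow,deny` semantics (every Allow and Deny line is processed regardless of position, and a Deny match wins). The function names are assumptions for illustration, only partial-IP and `all` specs are handled, and the elided "Bunch of Denies" lines are left out.

```python
# Added example: Apache mod_access-style evaluation of Order/Allow/Deny.
# Only rules visible in the quoted .htaccess are used (constructed input);
# the elided "Bunch of Denies" lines are not reconstructed.
HTACCESS = """\
order allow,deny
deny from 141.201.222.
deny from 24.141.20.
deny from 24.141.36.
deny from 65.1.50.
allow from 203.164.51.
deny from 203.164.3.
deny from 62.30.0.
allow from all
"""

def parse(text):
    """Return (order, allows, denies) from Order/Allow/Deny lines."""
    order, allows, denies = "deny,allow", [], []  # Apache's default Order
    for line in text.splitlines():
        words = line.lower().split()
        if len(words) == 2 and words[0] == "order":
            order = words[1]
        elif len(words) >= 3 and words[1] == "from" and words[0] in ("allow", "deny"):
            (allows if words[0] == "allow" else denies).extend(words[2:])
    return order, allows, denies

def matches(spec, ip):
    """'all' matches any client; a partial IP matches on whole octets."""
    if spec == "all":
        return True
    want = spec.rstrip(".").split(".")
    return ip.split(".")[:len(want)] == want

def allowed(ip, order, allows, denies):
    """Every Allow and Deny line is consulted; file position is irrelevant."""
    hit_allow = any(matches(s, ip) for s in allows)
    hit_deny = any(matches(s, ip) for s in denies)
    if order == "allow,deny":   # default is forbidden; a Deny match wins
        return hit_allow and not hit_deny
    if order == "deny,allow":   # default is allowed; an Allow match wins
        return hit_allow or not hit_deny
    raise ValueError("unsupported order: " + order)

if __name__ == "__main__":
    rules = parse(HTACCESS)
    for ip in ("203.164.51.10", "24.141.20.9", "24.141.200.9", "192.0.2.1"):
        print(ip, "allowed" if allowed(ip, *rules) else "denied")
```

With the visible rules, any client outside the listed Deny prefixes is admitted through `allow from all`, so the `allow from 203.164.51.` line does not change the result for any address.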