SYSMGR: 02-Jan-2006

Just a security update:
Filtered mail:

2-JAN-2006 07:15:41.48 NOSPAMRLY 125.188.61.77 gjwns_44@daum.net
2-JAN-2006 11:38:33.79 CLNTINRBL 62.43.184.131
2-JAN-2006 21:29:39.93 CLNTINRBL 59.112.164.74
2-JAN-2006 21:59:27.34 CLNTINRBL 82.139.8.9
2-JAN-2006 22:03:18.87 BADMF robert@yahoo.com
2-JAN-2006 22:03:27.77 BADMF robert@yahoo.com
2-JAN-2006 22:03:38.26 BADMF robert@yahoo.com

Seen them before.

FTP found just one, from France this time:

%%%%%%%%%%% OPCOM 2-JAN-2006 21:40:40.55 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: ARennes-352-1-117-149.w86-203.abo.wanadoo.fr
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.060102214048p]

Again just a short time:

2-JAN-2006 21:40:38.39 User:anonymous logged in ident:Hgpuser@home.com from Host:ARennes-352-1-117-149.w86-203.abo.wanadoo.fr
2-JAN-2006 21:40:40.35 User:anonymous ident:Hgpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
2-JAN-2006 21:40:43.08 User:anonymous ident:Hgpuser@home.com logged out

and the obvious list:

%TCPIP-I-FTP_NODE, client host name: ARennes-352-1-117-149.w86-203.abo.wanadoo.fr
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: /pub/%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00004: Failed to set default directory
%SYSTEM-W-BADIRECTORY, bad directory file format
%TCPIP-I-FTP_NODE, client host name: ARennes-352-1-117-149.w86-203.abo.wanadoo.fr
%TCPIP-I-FTP_USER, user name: anonymous

and more based on IIS, it seems.

%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.060102214048p]
%TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /_vti_txt/
%TCPIP-I-FTP_OBJ, object: /_vti_log/
%TCPIP-I-FTP_OBJ, object: /wwwroot/
%TCPIP-I-FTP_OBJ, object: /anonymous/
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /outgoing/
%TCPIP-I-FTP_OBJ, object: /temp/
%TCPIP-I-FTP_OBJ, object: /tmp/
%TCPIP-I-FTP_OBJ, object: /anonymous/_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /anonymous/incoming/
%TCPIP-I-FTP_OBJ, object: /mailroot/
%TCPIP-I-FTP_OBJ, object: /ftproot/
%TCPIP-I-FTP_OBJ, object: /anonymous/pub/
%TCPIP-I-FTP_OBJ, object: /anonymous/public/
%TCPIP-I-FTP_OBJ, object: /_vti_cnf/
%TCPIP-I-FTP_OBJ, object: /images/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /cgi-bin/
%TCPIP-I-FTP_OBJ, object: /cgibin/
%TCPIP-I-FTP_OBJ, object: /usr/
%TCPIP-I-FTP_OBJ, object: /usr/incoming/
%TCPIP-I-FTP_OBJ, object: /home/
%TCPIP-I-FTP_OBJ, object: /img/
%TCPIP-I-FTP_OBJ, object: / /
%TCPIP-I-FTP_OBJ, object: / /

%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from ARennes-352-1-117-149.w86-203.abo.wanadoo.fr at 2-JAN-2006 21:40:43.21

Given the one of yesterday: Do they try to copy their own systems?

SYSMGR

Monday, January 2

02-Jan-2006

0 Comments:

SYSMGR

About Me

Previous Posts