North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FTP Probes from Taiwan/China

  • From: kysi ferul
  • Date: Mon Sep 10 12:46:38 2001

FORMOSA from Jonathan Swift's "Gulliver!" Please see: "Two Babylons"

  Gordon Ewasiuk <[email protected]> wrote:

On Today, mike harrison wrote:
>> > Has anyone seen a dramatic increase in FTP probes/scans/bad stuff from
>> > certain IP blocks in Taiwan or China? Specifically, 211/8, 61/8, and
>> > 202/7. I'm logging over 7500 probes/hr right now. Is there a new
>> > exploit out or something?
>> >
>> > Another network just surfaced: 210.82/15
>I am getting lots of port 80'ish scans from those IP ranges.
>and a few port 139, but I have not seen a port 21 (FTP) scan from anyone
>in the last 30 minutes... while monitoring a /19 and a /20 locally.

Apprec. the info. Probes are falling off now. 25k in the last 6hrs
(as of 1500hrs EST).

Not much in the grand scheme of things but more then I like. A couple of
servers at this facility are being targeted - no sooner had I ACL'ed
one block when probes from a new block to the same targets surfaced. In
any event, the target servers are offline pending a close inspection.

Thanks to all that responded,


Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC
The REAL office number is here-----> 703.893.4901
Tired of BSODs, My Computer, and Code Red?


Kysi Ferul  [email protected]

Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger.