Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 21 (tcp/udp) Attack Activity - Internet Security | DShield Port 21 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Port Information
Protocol Service Name
udp ftp File Transfer [Control]
tcp ftp File Transfer [Control]
tcp NetAdministrator [trojan] Net Administrator
tcp Ramen [trojan] Ramen
tcp RTB666 [trojan] RTB 666
tcp SennaSpyFTPserver [trojan] Senna Spy FTP server
tcp Traitor21 [trojan] Traitor 21
tcp [trojan]TheFlu [trojan] The Flu
tcp WebEx [trojan] WebEx
tcp WinCrash [trojan] WinCrash
tcp AudioGalaxy AudioGalaxy file sharing app
tcp MotIvFTP [trojan] MotIv FTP
tcp Larva [trojan] Larva
tcp BladeRunner [trojan] BladeRunner
tcp CattivikFTPServer [trojan] Cattivik FTP Server
tcp CCInvader [trojan] CC Invader
tcp DarkFTP [trojan] Dark FTP
tcp DolyTrojan [trojan] Doly Trojan
tcp Fore [trojan] Fore
tcp FreddyK [trojan] FreddyK
tcp InvisibleFTP [trojan] Invisible FTP
tcp Juggernaut42 [trojan] Juggernaut 42
tcp BackConstruction [trojan] Back Construction
Top IPs Scanning
TodayYesterday
27.148.156.47 (6293)46.20.6.106 (294993)
49.235.120.79 (6265)185.93.68.111 (147727)
164.52.24.165 (1062)212.180.230.206 (85166)
45.231.193.209 (978)5.2.83.219 (83295)
85.238.97.34 (927)134.209.73.182 (81481)
162.159.210.78 (383)47.110.239.21 (37631)
198.108.66.144 (312)185.226.160.102 (24845)
45.33.109.12 (131)49.235.46.235 (13922)
34.74.34.209 (127)185.141.34.250 (9166)
117.23.245.94 (50)185.122.13.178 (9103)
Port diary mentions
URL
Distributed FTPPort 21 scan follow-up; Port 23 scan increases;
FTP Vulnerability & Accompanying Activity
FTP-Brute Force Attacks and Password Management
User Comments
Submitted By Date
Comment
Johannes Ullrich 2007-02-12 12:31:02
A new very trivial exploit for telnet on Solaris 10/11 was made public Feb. 11th 2007.
Add a comment
CVE Links
CVE # Description
CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.