A week before publishing this paper, I opened an anonymous ftp site on my home machine, expecting a few connections. I also wanted to see what people would do if I gave them write access. Within 3-4 days of my server . . .
A week before publishing this paper, I opened an anonymous ftp site on my home machine, expecting a few connections. I also wanted to see what people would do if I gave them write access. Within 3-4 days of my server being up, I got a successful connection from a remote host, which created his own directory named "_kurdt". Later on, I got another connection from a possibly different visitor, who created a different directory name "020612105639p". Checking my ftp logs, I learnt that both processes seem automated: within the same second the user has logged in, created a folder and disconnected from my ftp server. The third scan consisted of testing upload, deletion and ftp/http miss-configuration. These attacks are described in detail on the log files section.

The link for this article located at EyeOnSecurity.org is no longer available.