FireDaemon exploit - part 2
From: purdy@hushmail.comDate: 07/25/02
- Previous message: Steve Bougerolle: "Anyone know this rootkit (rootkits?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: purdy@hushmail.com To: incidents@securityfocus.com Date: Thu, 25 Jul 2002 09:12:20 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I had a request by someone here as to what program was causing the max utilization of our client's t1 outgoing circuit as a result of their compromised server being used as a bot for DDoS. We were able to kill the bots quickly and own the machine again, but did not discover until today that the actual program used was identd, http://www.ake.nu/software/eyedentd/ . One interesting thing we found was idents.txt containg about 500 cracker sigs. Have attached this file for perusal should anyone be interested. I believe that this is used by the ServU FTP daemon to permit warez login for file downloads.
Curt
- ----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
- -- White House cybersecurity adviser Richard Clarke
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wloEARECABoFAj1AI00THHB1cmR5QGh1c2htYWlsLmNvbQAKCRCaCAXiK6ZkH9uZAKCu
qwbsEvcAhqMzcXPxf16OZEp9LQCfYGZPaXkQsgfBgU0+P8kZoJ/XkBE=
=8OBf
-----END PGP SIGNATURE-----
Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2
Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
- text/plain attachment: idents.txt
- text/plain attachment: idents.txt.sig
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Steve Bougerolle: "Anyone know this rootkit (rootkits?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
