Re: ftp warez server snake ?

From: Peter Moody (peter_at_ucsc.edu)
Date: 12/07/04

Next message: Jez Han***: "Re: PHP injection attempt from 200.222.244.154"

Previous message: Andreas Putzo: "ftp warez server snake ?"
In reply to: Andreas Putzo: "ftp warez server snake ?"
Next in thread: Andrew Smith: "Re: ftp warez server snake ?"
Reply: Andrew Smith: "Re: ftp warez server snake ?"
Reply: M. Shirk: "Re: ftp warez server snake ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Andreas Putzo <andreas@inferno.nadir.org>
Date: Tue, 07 Dec 2004 14:17:29 -0800

> There is also an auth server listening, providing me this:
>
> # nc 194.xx.x.xxx 113
>
> : USERID : UNIX : ekwaxtjm

Auth server returning garbage date = Compromise, especially when not
prodded. I'd provide you with the nessus plugin that explains this but
it looks like tennable has destroyed what used to be a useful nessus.org
website.

Short answer, the machine is owned and should be format/reinstall
treatment.

Regards,
-Peter

-- 
Peter Moody                             <peter@ucsc.edu>
Information Security Administrator          831/459.5409
Information and Technology Services        UC Santa Cruz
http://security.ucsc.edu/pgp/peter.moody.pub      AS5739
:wq

application/pgp-signature attachment: This is a digitally signed message part

Next message: Jez Han***: "Re: PHP injection attempt from 200.222.244.154"

Previous message: Andreas Putzo: "ftp warez server snake ?"
In reply to: Andreas Putzo: "ftp warez server snake ?"
Next in thread: Andrew Smith: "Re: ftp warez server snake ?"
Reply: Andrew Smith: "Re: ftp warez server snake ?"
Reply: M. Shirk: "Re: ftp warez server snake ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]