Re: ftp warez server snake ?
From: Andreas Putzo (andreas_at_inferno.nadir.org)
To: email@example.com Date: Wed, 8 Dec 2004 18:44:36 +0100
Am Mittwoch, 8. Dezember 2004 16:58 schrieb Andrew Smith:
> Certainly compromised, probably pubstro. "snake server" will be an FTP
> server with a obscure banner to confuse you. The "auth server" is an
> identd server running, probably, for an XDCC bot. You might try and
> compromise it again, to uninstall the ftp/xdcc/identd..but it may well
> have been secured.
I know, that the banner was obfuscated, but i thought, it could be
"standard" banner for worm xyz.
Also, the identd is no real identd, because it simply puts the mentioned
output on the wire. As far as i know, on identd you have to input
<server port>, <client port> to get a result.
Anyway, thank you all for your help.