Re: ftp warez server snake ?

From: Andreas Putzo (andreas_at_inferno.nadir.org)
Date: 12/08/04

  • Next message: M. Shirk: "Re: ftp warez server snake ?"
    To: incidents@securityfocus.com
    Date: Wed, 8 Dec 2004 18:44:36 +0100
    
    

    Hello,

    On Wednesday, 8 December 2004 16:58, Andrew Smith wrote:
    > Certainly compromised, probably pubstro. "snake server" will be an FTP
    > server with an obscure banner to confuse you. The "auth server" is an
    > identd server running, probably, for an XDCC bot. You might try and
    > compromise it again, to uninstall the ftp/xdcc/identd..but it may well
    > have been secured.

    I know that the banner was obfuscated, but I thought it could be a
    "standard" banner for worm xyz.
    Also, the identd is no real identd, because it simply puts the mentioned
    output on the wire. As far as I know, on identd you have to input
    <server port>, <client port> to get a result.
    Anyway, thank you all for your help.

    regards,
    andreas
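
The distinction drawn in the message above, as an added example that is not part of the original post: an RFC 1413 identd stays silent until it receives a `<server port>, <client port>` query and echoes that pair in its reply, while a stand-in just writes a canned line on connect. The function names and the sample byte strings are constructed for illustration.

```python
import re
import socket

# RFC 1413 reply: "<server port> , <client port> : USERID : <opsys> : <user>"
#             or: "<server port> , <client port> : ERROR : <error-type>"
REPLY_RE = re.compile(
    rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")

def classify_ident(unsolicited, reply, server_port, client_port):
    """Classify a port-113 service from what it sent before and after a query."""
    if unsolicited.strip():
        return "fake: sends data before any query"
    m = REPLY_RE.match(reply.rstrip(b"\r\n"))
    if not m:
        return "fake: no RFC 1413 reply to the query"
    if (int(m.group(1)), int(m.group(2))) != (server_port, client_port):
        return "fake: reply does not echo the queried port pair"
    # Syntax alone cannot prove the answer is truthful, only protocol-conformant.
    return "rfc1413: " + m.group(3).decode().lower()

def _recv(sock):
    """Read once; a timeout means the peer sent nothing."""
    try:
        return sock.recv(512)
    except socket.timeout:
        return b""

def probe(host, server_port, client_port, timeout=3.0):
    """Connect to port 113 on a host you administer and classify the service."""
    with socket.create_connection((host, 113), timeout=timeout) as s:
        s.settimeout(timeout)
        unsolicited = _recv(s)          # a real identd is silent here
        if unsolicited.strip():
            return classify_ident(unsolicited, b"", server_port, client_port)
        s.sendall(f"{server_port}, {client_port}\r\n".encode())
        reply = _recv(s)
    return classify_ident(b"", reply, server_port, client_port)

if __name__ == "__main__":
    # Constructed transcripts: (bytes seen before the query, bytes seen after it)
    samples = [
        (b"0 , 0 : USERID : UNIX : sample\r\n", b""),
        (b"", b"6667 , 40000 : USERID : UNIX : alice\r\n"),
        (b"", b"6667,40000:ERROR:NO-USER\r\n"),
        (b"", b"1 , 2 : USERID : UNIX : sample\r\n"),
    ]
    for before, after in samples:
        print(classify_ident(before, after, 6667, 40000))
```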

