Re: ftp warez server snake ?
From: Andreas Putzo (andreas_at_inferno.nadir.org)
Date: 12/08/04
- Previous message: Andrew Smith: "Re: ftp warez server snake ?"
- In reply to: Andrew Smith: "Re: ftp warez server snake ?"
- Next in thread: M. Shirk: "Re: ftp warez server snake ?"
To: incidents@securityfocus.com
Date: Wed, 8 Dec 2004 18:44:36 +0100
Hello,
On Wednesday, 8 December 2004 16:58, Andrew Smith wrote:
> Certainly compromised, probably pubstro. "snake server" will be an FTP
> server with an obscure banner to confuse you. The "auth server" is an
> identd server running, probably, for an XDCC bot. You might try and
> compromise it again, to uninstall the ftp/xdcc/identd... but it may well
> have been secured.
I know that the banner was obfuscated, but I thought it could be a
"standard" banner for worm xyz.
Also, the identd is no real identd, because it simply puts the mentioned
output on the wire. As far as I know, on identd you have to input
<server port>, <client port> to get a result.
Anyway, thank you all for your help.
regards,
andreas
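
The check described in the message above, as an added example that is not part of the original post: a listener on 113/tcp is tested against RFC 1413 behaviour, where a real identd stays silent until it receives a "<server port>, <client port>" query and echoes that pair in its reply. The function names, labels, timeout and sample reply lines are assumptions constructed for illustration.

```python
import re
import socket

# RFC 1413 reply: "<port-on-server> , <port-on-client> : USERID : <opsys> : <user-id>"
#             or: "<port-on-server> , <port-on-client> : ERROR : <error-type>"
REPLY_RE = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")


def classify(pre_query: bytes, reply: bytes, server_port: int, client_port: int) -> str:
    """Classify a 113/tcp listener from what it sent before and after one query."""
    if pre_query:
        # A real identd sends nothing until it has received a port pair.
        return "not identd: sends data before any query"
    line = reply.split(b"\n", 1)[0].rstrip(b"\r")
    m = REPLY_RE.match(line)
    if not m:
        return "not identd: no reply in RFC 1413 syntax"
    if (int(m.group(1)), int(m.group(2))) != (server_port, client_port):
        # A canned line ignores the query and cannot echo the ports we asked about.
        return "not identd: reply does not echo the queried port pair"
    return "plausible identd: " + m.group(3).decode()


def recv_or_empty(sock: socket.socket) -> bytes:
    """Read once; a timeout or a reset connection counts as 'nothing received'."""
    try:
        return sock.recv(512)
    except OSError:
        return b""


def probe(host: str, server_port: int, client_port: int, wait: float = 3.0) -> str:
    """Connect to host:113, listen first for unsolicited output, then send one query."""
    with socket.create_connection((host, 113), timeout=wait) as s:
        pre = recv_or_empty(s)
        if pre:
            return classify(pre, b"", server_port, client_port)
        try:
            s.sendall(f"{server_port}, {client_port}\r\n".encode())
        except OSError:
            return classify(b"", b"", server_port, client_port)
        return classify(b"", recv_or_empty(s), server_port, client_port)


if __name__ == "__main__":
    # Constructed sample: a canned line emitted without waiting for a query.
    print(classify(b"0 , 0 : USERID : UNIX : user\r\n", b"", 6667, 1025))
```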