Security Incidents mailing list archives
Scan of the Month - Two Exploits
From: Lance Spitzner <lance () SPITZNER NET>
Date: Mon, 11 Dec 2000 19:22:24 -0600
As some of you may know, the Honeynet Project
sponsors a "Scan of the Month" section. We take
scans from the wild and challenge the security
community to decode the answers. The results are
then archived for the security community.
This month's Scan is unique. Several scans and
two exploits were ran against a Linux honeypot
in the same morning. The challenge to the
security community is to review the captured
signatures and answer any of the following six
questions based on the snort signatures.
### QUESTION 1: Can you name the FTP scanning tool?
### QUESTION 2: What does this FTP exploit achieve? Does it open a port,
create a shell, add a user account?
### QUESTION 3: Is the FTP attack successful?
### QUESTION 4: What RPC service is exploited?
### QUESTION 5: Where in the exploit code below does he bind a shell
to port 39168?
### QUESTION 6: What two accounts are created, and what are the UID's?
The Scan of the Month can be found at
http://project.honeynet.org/scans/index.html
--
Lance Spitzner
http://project.honeynet.org
Current thread:
- Scan of the Month - Two Exploits Lance Spitzner (Dec 13)
- Re: Scan of the Month - Two Exploits Michal Zalewski (Dec 14)
- Re: Scan of the Month - Two Exploits Brent Woodfield (Dec 15)
- Re: Scan of the Month - Two Exploits Michal Zalewski (Dec 14)