Security Incidents mailing list archives
FireDaemon exploit - part 2
From: purdy () hushmail com
Date: Thu, 25 Jul 2002 09:12:20 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I had a request by someone here as to what program was causing the max utilization of our client's t1 outgoing circuit as a result of their compromised server being used as a bot for DDoS. We were able to kill the bots quickly and own the machine again, but did not discover until today that the actual program used was identd, http://www.ake.nu/software/eyedentd/ . One interesting thing we found was idents.txt containg about 500 cracker sigs. Have attached this file for perusal should anyone be interested. I believe that this is used by the ServU FTP daemon to permit warez login for file downloads. Curt - ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. - -- White House cybersecurity adviser Richard Clarke -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wloEARECABoFAj1AI00THHB1cmR5QGh1c2htYWlsLmNvbQAKCRCaCAXiK6ZkH9uZAKCu qwbsEvcAhqMzcXPxf16OZEp9LQCfYGZPaXkQsgfBgU0+P8kZoJ/XkBE= =8OBf -----END PGP SIGNATURE----- Communicate in total privacy. Get your free encrypted email at https://www.hushmail.com/?l=2 Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
Attachment:
idents.txt
Description:
Attachment:
idents.txt.sig
Description:
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- FireDaemon exploit - part 2 purdy (Jul 25)