Security Incidents mailing list archives
Re: exploited win2k box, not quite sure how:
From: rulerpen <rulerpen () optonline net>
Date: Mon, 20 May 2002 14:58:35 -0400
Do you have an anonymous FTP server up? If so, that's probably where they got in from. Either disable anonymous FTP or limit write access. :)

----- Original Message -----
From: "John Jasen" <jjasen1 () umbc edu>
To: <incidents () securityfocus com>
Sent: Friday, May 17, 2002 9:05 PM
Subject: exploited win2k box, not quite sure how:

Got a weird one here.

Win2k server, SP2
IIS 5.0
SQL server 7
ipswitch imail 6.x

It's definitely been broken into. PC-cillin has picked up a few nimda files, and there is a directory c:\tAGGEd with various subdirectories under it, and an unopenable file C:\TaGGed By Ca$e.

I'm working on getting a disk image up for perusal, but that might take a few days.

Anybody seen this yet? Searching securityfocus, McAfee, Google, and a few other places has come up dry.

--
-- John E. Jasen (jjasen1 () umbc edu)
-- User Error #2361: Please insert coffee and try again.

--------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- exploited win2k box, not quite sure how: John Jasen (May 20)
- Re: exploited win2k box, not quite sure how: Mike Lewinski (May 20)
- Re: exploited win2k box, not quite sure how: John Jasen (May 20)
- Re: exploited win2k box, not quite sure how: Scott Fendley (May 20)
- Re: exploited win2k box, not quite sure how: rulerpen (May 20)
- <Possible follow-ups>
- RE: exploited win2k box, not quite sure how: McCammon, Keith (May 20)
- RE: exploited win2k box, not quite sure how: Ron Yount (May 20)
- RE: exploited win2k box, not quite sure how: Butler, Brandon (May 20)
- FW: exploited win2k box, not quite sure how: Blake Frantz (May 20)