Security Incidents mailing list archives
Re: ftp warez server snake ?
From: Andreas Putzo <andreas () inferno nadir org>
Date: Wed, 8 Dec 2004 18:44:36 +0100
Hello, Am Mittwoch, 8. Dezember 2004 16:58 schrieb Andrew Smith:
Certainly compromised, probably pubstro. "snake server" will be an FTP server with a obscure banner to confuse you. The "auth server" is an identd server running, probably, for an XDCC bot. You might try and compromise it again, to uninstall the ftp/xdcc/identd..but it may well have been secured.
I know, that the banner was obfuscated, but i thought, it could be "standard" banner for worm xyz. Also, the identd is no real identd, because it simply puts the mentioned output on the wire. As far as i know, on identd you have to input <server port>, <client port> to get a result. Anyway, thank you all for your help. regards, andreas
Current thread:
- ftp warez server snake ? Andreas Putzo (Dec 07)
- Re: ftp warez server snake ? Peter Moody (Dec 07)
- Re: ftp warez server snake ? Andrew Smith (Dec 08)
- Re: ftp warez server snake ? Andreas Putzo (Dec 08)
- Re: ftp warez server snake ? M. Shirk (Dec 08)
- Re: ftp warez server snake ? Andrew Smith (Dec 08)
- Re: ftp warez server snake ? Bob User (Dec 08)
- <Possible follow-ups>
- Re: ftp warez server snake ? H Carvey (Dec 08)
- Re: ftp warez server snake ? Peter Moody (Dec 07)