Vulnerability Development mailing list archives
Re: mystery SF scan tool = Idlescan correlation
From: Jan Muenther <jan () RADIO HUNDERT6 DE>
Date: Tue, 14 Nov 2000 18:19:44 +0100
Hi there, For everybody interested in this issue: I had received two of these scans last week and took a quick look at the originating hosts. They were both Redhat boxes with _loads_ of open ports and wuftpd running. I mailed to the tech contacts and told them their boxes were probably compromised. Both admins had already learnt this much, but currently post-mortem analysis is being done. It seems the crackers uploaded a file called hackdatei.tar.gz several times on one of the hosts. FYI (datei == file in german) - what an original name. Hope I'll get to see that tarball soon, I'll keep you in touch with what I found out. Bye, Jan -- Radio HUNDERT,6 Medien GmbH Berlin - EDV - j.muenther () radio hundert6 de
Current thread:
- mystery SF scan tool = Idlescan correlation Bidwell, Teri K (Nov 14)
- Re: mystery SF scan tool = Idlescan correlation Jan Muenther (Nov 15)