Educause Security Discussion mailing list archives
Re: Rogue FTP Servers
From: Wyman Miles <wm63 () CORNELL EDU>
Date: Tue, 2 Nov 2004 16:20:34 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --On Tuesday, November 02, 2004 3:16 PM -0500 Justin Azoff <JAzoff () UAMAIL ALBANY EDU> wrote:
On Tue, 2004-11-02 at 14:28, Anderson, Brandie wrote:Does the banner say anything about "pubstro"?I found one that had a banner of: 220-FTP SerVeR ReADy 220-_______________________________________________ 220- - = ] MadHouse [ = - 220-??????????????????????????????????????????????? 220- This Stro is Brought You By Divx_due 220- & Evisu! 220- ____________ 220- User iNFO : ..... Does "Stro" mean something in another language? -- -- Justin Azoff -- Network Performance Analyst
We've seen all manner of different banners and ports. One banner in particular was drawn directly from OpenSSH and clearly intended to mimic an SSH server -- only the '220' at the front was the giveaway. Ports are chosen at random and one machine often has several FTP servers present. About the only consistency we saw recently was the presence of an ident listener (113/tcp) on botted systems. Finding this more often than not led to finding FTP servers on high ports. Wyman Miles Senior Security Engineer Cornell University, Ithaca, NY (607) 255-8421 -----BEGIN PGP SIGNATURE----- Version: Mulberry PGP Plugin v3.0 Comment: processed by Mulberry PGP Plugin iQA/AwUBQYf6I8RE6QfTb3V0EQLvnACg6yAntrx0e9dvZWUBs9rJQ9x1RqsAoJdA VEu4uSUT05AGyxjHEeuTHBab =8Wzd -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Rogue FTP Servers, (continued)
- Re: Rogue FTP Servers Mike Iglesias (Nov 02)
- Re: Rogue FTP Servers Anderson, Brandie (Nov 02)
- Re: Rogue FTP Servers Jordan Wiens (Nov 02)
- Re: Rogue FTP Servers Elliott Franklin (Nov 02)
- Re: Rogue FTP Servers Justin Azoff (Nov 02)
- Re: Rogue FTP Servers Anderson, Brandie (Nov 02)
- Re: Rogue FTP Servers Todd Clementz (Nov 02)
- Re: Rogue FTP Servers Lucas, Bryan (Nov 02)
- Re: Rogue FTP Servers Geoff (Nov 02)
- Re: Rogue FTP Servers Brian Eckman (Nov 02)
- Re: Rogue FTP Servers Wyman Miles (Nov 02)
- Re: Rogue FTP Servers Schmidt, Eric W (Nov 02)
- Re: Rogue FTP Servers James H Moore (Nov 02)
- Re: Rogue FTP Servers RLVaughn (Nov 02)
- Re: Rogue FTP Servers Mark Wilson (Nov 03)
- Re: Rogue FTP Servers Jason Richardson (Nov 04)