Educause Security Discussion mailing list archives

Re: Rogue FTP Servers

From: John Bambenek <bambenek () CONTROL CSL UIUC EDU>
Date: Tue, 2 Nov 2004 12:57:02 -0600

Haven't seen anything... Do you have access to the machines?  Is it running
a standard FTP daemon or something more sinister?

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Elliott Franklin
Sent: Tuesday, November 02, 2004 12:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Rogue FTP Servers

We are experiencing a small number of compromised machines running FTP
servers on various non-standard ports.  The most recent port used was 6366
and we have located this on 30 machines.  I can't find anything on any of
the major virus sites to help us understand how this is occurring.  Anyone
else experiencing something similar?

Thanks!

Elliott Franklin, CISSP
Information Security Officer
Texas State University - San Marcos
http://www.txstate.edu/computing/security
512.245.2595

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Rogue FTP Servers Elliott Franklin (Nov 02)
- <Possible follow-ups>
- Re: Rogue FTP Servers John Bambenek (Nov 02)
- Re: Rogue FTP Servers Daniel Adinolfi (Nov 02)
- Re: Rogue FTP Servers Mike Iglesias (Nov 02)
- Re: Rogue FTP Servers Anderson, Brandie (Nov 02)
- Re: Rogue FTP Servers Jordan Wiens (Nov 02)
- Re: Rogue FTP Servers Elliott Franklin (Nov 02)
- Re: Rogue FTP Servers Justin Azoff (Nov 02)
- Re: Rogue FTP Servers Anderson, Brandie (Nov 02)
- Re: Rogue FTP Servers Todd Clementz (Nov 02)
- Re: Rogue FTP Servers Lucas, Bryan (Nov 02)
- Re: Rogue FTP Servers Geoff (Nov 02)

(Thread continues...)