Educause Security Discussion mailing list archives
Re: Rogue FTP Servers
From: Mike Iglesias <iglesias () DRACO ACS UCI EDU>
Date: Tue, 2 Nov 2004 11:10:49 -0800
We are experiencing a small number of compromised machines running FTP servers on various non-standard ports. The most recent port used was 6366 and we have located this on 30 machines. I can't find anything on any of the major virus sites to help us understand how this is occurring. Anyone else experiencing something similar?
What we usually see is that a system gets infected with one of the worms that leaves a backdoor open, and someone uses the backdoor to install the ftp site. At some point later on, they use it to distribute warez, like hacked games, licensed software, movies, and music. Mike Iglesias Email: iglesias () draco acs uci edu University of California, Irvine phone: 949-824-6926 Network & Academic Computing Services FAX: 949-824-2069 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Rogue FTP Servers Elliott Franklin (Nov 02)
- <Possible follow-ups>
- Re: Rogue FTP Servers John Bambenek (Nov 02)
- Re: Rogue FTP Servers Daniel Adinolfi (Nov 02)
- Re: Rogue FTP Servers Mike Iglesias (Nov 02)
- Re: Rogue FTP Servers Anderson, Brandie (Nov 02)
- Re: Rogue FTP Servers Jordan Wiens (Nov 02)
- Re: Rogue FTP Servers Elliott Franklin (Nov 02)
- Re: Rogue FTP Servers Justin Azoff (Nov 02)
- Re: Rogue FTP Servers Anderson, Brandie (Nov 02)
- Re: Rogue FTP Servers Todd Clementz (Nov 02)
- Re: Rogue FTP Servers Lucas, Bryan (Nov 02)
- Re: Rogue FTP Servers Geoff (Nov 02)
- Re: Rogue FTP Servers Brian Eckman (Nov 02)
- Re: Rogue FTP Servers Wyman Miles (Nov 02)
(Thread continues...)