Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rogue FTP Servers

From: "Anderson, Brandie" <brandie.anderson () TTU EDU>
Date: Tue, 2 Nov 2004 13:28:09 -0600
Does the banner say anything about "pubstro"?

  
Brandie Anderson, CISSP, MCSE, CNA
Information Security Officer
Texas Tech University
742-8000 x7011

"If you spend more on coffee than you do on security, you will be
hacked. And moreover, you deserve to be hacked."
--Richard Clarke, Special Advisor to the President 
 

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Elliott Franklin
Sent: Tuesday, November 02, 2004 12:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Rogue FTP Servers

We are experiencing a small number of compromised machines running FTP
servers on various non-standard ports.  The most recent port used was
6366
and we have located this on 30 machines.  I can't find anything on any
of
the major virus sites to help us understand how this is occurring.
Anyone
else experiencing something similar?

Thanks!

Elliott Franklin, CISSP
Information Security Officer
Texas State University - San Marcos
http://www.txstate.edu/computing/security
512.245.2595

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: