Full Disclosure mailing list archives
Scans for IPSwitch IMail LDAP vuilnerability
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 24 Feb 2004 19:19:52 +0300
Dear full-disclosure () lists netsys com, Information was received from Kaspersky Labs, there is increased activity on TCP/389 (LDAP) port. Analysis of captured packet demonstrates attempt to exploit IPSwitch IMail LDAP vulnerability. Packet contains universal reverse shell shellcode. Trojan is installed on owned host (listens on TCP/21 and pretends to be wu-ftpd). Best solution is to filter TCP/389. -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Scans for IPSwitch IMail LDAP vuilnerability 3APA3A (Feb 24)