Security Incidents mailing list archives

Re: Rooted through in.identd on Red Hat 6.0

From: brett () LARIAT ORG (Brett Glass)
Date: Thu, 20 Apr 2000 14:04:38 -0600


At 07:58 AM 4/20/2000 , Erich Meier wrote:

Could it be, that this ftp connection caused an identd lookup done by the
ftpd at 200.192.58.201?


Yes. And doesn't the infamous WU-FTPD with a known buffer overrun do an
automatic ident on incoming control connections?

--Brett

Current thread:

I am popular today..., (continued)
- - - I am popular today... Dirk Koopman (Apr 28)
    - Re: I am popular today... Ryan Sweat (Apr 28)
    - Analysis: AboveNet attacks Robert Graham (Apr 28)
    - Re: I am popular today... Ville (Apr 29)
    - Lots netbios scans (udp 137) Russell Fulton (Apr 30)
    - High port UDP probe? Damian Gerow (Apr 25)
    - Re: High port UDP probe? Mark Rowe (Apr 26)
    - Lots of scan on port 9520 Erick Perez (Apr 25)
    - possible bind worm? Roelof Temmingh (Apr 25)
    - Re: Rooted through in.identd on Red Hat 6.0 Erich Meier (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Brett Glass (Apr 20)
    - Tools to analyze "captured" binaries? -Reply Network Security (Apr 20)
    - Re: Tools to analyze "captured" binaries? -Reply Ex Machina (Apr 22)
    - Port 137 scans on the rise Bryan Andersen (Apr 20)
    - Re: Port 137 scans on the rise horio shoichi (Apr 22)
- Re: CGI scans from Strauss.udel.edu -- They're back Network Security (Apr 17)