Security Incidents mailing list archives
RE: exploited win2k box, not quite sure how:
From: Ron Yount <rony () co island wa us>
Date: Mon, 20 May 2002 11:44:54 -0700
I've seen what you're describing from automated ftp scanners. Check the ftp logs to see what is there. Kill the anonymous ftp services.

Ron

-----Original Message-----
From: John Jasen [mailto:jjasen1 () umbc edu]
Sent: Friday, May 17, 2002 6:05 PM
To: incidents () securityfocus com
Subject: exploited win2k box, not quite sure how:

Got a weird one here.

Win2k server, SP2
IIS 5.0
SQL server 7
ipswitch imail 6.x

It's definitely been broken into. PC-cillin has picked up a few nimda files, and there is a directory c:\tAGGEd with various subdirectories under it, and an unopenable file C:\TaGGed By Ca$e.

I'm working on getting a disk image up for perusal, but that might take a few days.

Anybody seen this yet? Searching securityfocus, McAfee, Google, and a few other places has come up dry.

--
-- John E. Jasen (jjasen1 () umbc edu)
-- User Error #2361: Please insert coffee and try again.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com