Security Incidents mailing list archives
RE: Trojan of somesort - Update
From: "James C Slora Jr" <Jim.Slora () phra com>
Date: Fri, 28 May 2004 11:02:04 -0400
Can you elaborate on how the box was "hacked"? I'll admit that I've perhaps missed one or two of the posts in this thread...and since the SF lists aren't up to date, I can't research those. What information did Bob provide to indicate a "hack"?
From BtB's original post
I am currently doing an investigation into a compromised system. Before
pulling the plug I netcatted to a suspicous open port and received the following banner:
220 SiGN - FR33-FXP3rs - On Da FUcKiNG C@S£!!!
- suspicious open port (not normal FTP port for that system) - FXP FTP server banner on that port I don't know of a way to make these happen without abusing the system from the inside or compromising it from the outside.
Current thread:
- Re: Trojan of somesort - Update Bob the Builder (May 27)
- Re: Trojan of somesort - Update Paul Schmehl (May 27)
- Re: Trojan of somesort - Update Pho Man (May 27)
- Re: Trojan of somesort - Update Harlan Carvey (May 27)
- Re: Trojan of somesort - Update Harlan Carvey (May 27)
- RE: Trojan of somesort - Update James C Slora Jr (May 28)
- RE: Trojan of somesort - Update Harlan Carvey (May 28)
- RE: Trojan of somesort - Update James C Slora Jr (May 29)
- RE: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Trojan of somesort - Update Pho Man (May 27)
- Re: Trojan of somesort - Update Gadi Evron (May 28)
- Re: Trojan of somesort - Update Paul Schmehl (May 27)
- Re: Trojan of somesort - Update Paul Schmehl (May 28)
- Re: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Trojan of somesort - Update Gadi Evron (May 28)
- Changing file times, was -> Re: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Changing file times, was -> Re: Trojan of somesort - Update Gadi Evron (May 28)
- <Possible follow-ups>
- Re: Trojan of somesort - Update Derek (May 28)