Educause Security Discussion mailing list archives

Rogue FTP Servers

From: Elliott Franklin <franklin () TXSTATE EDU>
Date: Tue, 2 Nov 2004 12:44:05 -0600

We are experiencing a small number of compromised machines running FTP
servers on various non-standard ports.  The most recent port used was 6366
and we have located this on 30 machines.  I can't find anything on any of
the major virus sites to help us understand how this is occurring.  Anyone
else experiencing something similar?

Thanks!

Elliott Franklin, CISSP
Information Security Officer
Texas State University - San Marcos
http://www.txstate.edu/computing/security
512.245.2595

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Rogue FTP Servers Elliott Franklin (Nov 02)
- <Possible follow-ups>
- Re: Rogue FTP Servers John Bambenek (Nov 02)
- Re: Rogue FTP Servers Daniel Adinolfi (Nov 02)
- Re: Rogue FTP Servers Mike Iglesias (Nov 02)
- Re: Rogue FTP Servers Anderson, Brandie (Nov 02)
- Re: Rogue FTP Servers Jordan Wiens (Nov 02)
- Re: Rogue FTP Servers Elliott Franklin (Nov 02)
- Re: Rogue FTP Servers Justin Azoff (Nov 02)
- Re: Rogue FTP Servers Anderson, Brandie (Nov 02)
- Re: Rogue FTP Servers Todd Clementz (Nov 02)
- Re: Rogue FTP Servers Lucas, Bryan (Nov 02)

(Thread continues...)