FireDaemon exploit - part 2

[purdy () hushmail com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I had a request by someone here as to what program was causing the max utilization of our client's t1 outgoing circuit 
as a result of their compromised server being used as a bot for DDoS.  We were able to kill the bots quickly and own 
the machine again, but did not discover until today that the actual program used was identd, 
http://www.ake.nu/software/eyedentd/ .  One interesting thing we found was idents.txt containg about 500 cracker sigs.  
Have attached this file for perusal should anyone be interested.  I believe that this is used by the ServU FTP daemon 
to permit warez login for file downloads.

Curt
- ----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
- -- White House cybersecurity adviser Richard Clarke
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wloEARECABoFAj1AI00THHB1cmR5QGh1c2htYWlsLmNvbQAKCRCaCAXiK6ZkH9uZAKCu
qwbsEvcAhqMzcXPxf16OZEp9LQCfYGZPaXkQsgfBgU0+P8kZoJ/XkBE=
=8OBf
-----END PGP SIGNATURE-----


Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

Attachment: idents.txt
Description:

Attachment: idents.txt.sig
Description:

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com