Security Incidents mailing list archives

RE: FTP back in Vogue?


From: "John Rodley" <rfp () rodley com>
Date: Wed, 13 Mar 2002 21:49:52 -0500

I'm seeing persistent FTP attempts from an IP (217.8.137.183) that resolves
to:

        exploit.rootwhores.org

Anyone know what's going on with this domain?  Is this a blackhat with no
stealth instinct, or a completely compromised (including DNS) good guy?
Attached is whois info.

John Rodley


----------------------------------------------------------------------------
You agree that you will not reproduce, sell, transfer, or modify any of the
data presented in response to your search request, or use of any such data
for commercial purpose, without the prior express written permission of
Domaininfo AB - domaininfo.com

Register your name in 200+ top level domains at http://www.domaininfo.com
domaininfo.com
----------------------------------------------------------------------------
Registrar:domaininfo.com
Domain Name: rootwhores.org

[Owner of domain]
iTnetworks
Dronnings gt. 15
Larvik,  3260
NO

[Administrative contact]
Samuelsen, Benny
Visual Web Norge DA
Hans Kiærsgate 6
3041 Drammen
NO

Email: hostmaster () visual-web no
Phone: 47 32 260200
Fax: 47 32 811355

[Technical contact]
Samuelsen, Benny
Visual Web Norge DA
Hans Kiærsgate 6
3041 Drammen
NO

Email: hostmaster () visual-web no
Phone: 47 32 260200
Fax: 47 32 811355

[Zone contact]
Samuelsen, Benny
Visual Web Norge DA
Hans Kiærsgate 6
3041 Drammen
NO

Email: hostmaster () visual-web no
Phone: 47 32 260200
Fax: 47 32 811355


Record created: 18 Dec 2001
Record last changed: 18 Dec 2001
Domain expires: 18 Dec 2003

Primary name server:   ns1.nameserveren.com (195.159.151.21)
Secondary name server: ns2.nameserveren.com (195.159.151.12)
The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than Network Solutions.
Network Solutions, therefore, does not guarantee its accuracy or
completeness.




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

