Security Incidents mailing list archives
Re: ftp warez server snake ?
From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Wed, 08 Dec 2004 12:21:53 -0500
Here is a link to look at the plugins and get around the new site: http://cgi.nessus.org/plugins/ Shirkdog http://www.shirkdog.us
From: Peter Moody <peter () ucsc edu> To: Andreas Putzo <andreas () inferno nadir org> CC: incidents () securityfocus com Subject: Re: ftp warez server snake ? Date: Tue, 07 Dec 2004 14:17:29 -0800 > There is also an auth server listening, providing me this: > > # nc 194.xx.x.xxx 113 > > : USERID : UNIX : ekwaxtjm Auth server returning garbage date = Compromise, especially when not prodded. I'd provide you with the nessus plugin that explains this but it looks like tennable has destroyed what used to be a useful nessus.org website. Short answer, the machine is owned and should be format/reinstall treatment. Regards, -Peter -- Peter Moody <peter () ucsc edu> Information Security Administrator 831/459.5409 Information and Technology Services UC Santa Cruz http://security.ucsc.edu/pgp/peter.moody.pub AS5739 :wq << signature.asc >>
_________________________________________________________________Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Current thread:
- ftp warez server snake ? Andreas Putzo (Dec 07)
- Re: ftp warez server snake ? Peter Moody (Dec 07)
- Re: ftp warez server snake ? Andrew Smith (Dec 08)
- Re: ftp warez server snake ? Andreas Putzo (Dec 08)
- Re: ftp warez server snake ? M. Shirk (Dec 08)
- Re: ftp warez server snake ? Andrew Smith (Dec 08)
- Re: ftp warez server snake ? Bob User (Dec 08)
- <Possible follow-ups>
- Re: ftp warez server snake ? H Carvey (Dec 08)
- Re: ftp warez server snake ? Peter Moody (Dec 07)