Security Incidents mailing list archives

Re: ftp warez server snake ?


From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Wed, 08 Dec 2004 12:21:53 -0500

Here is a link to look at the plugins and get around the new site:

http://cgi.nessus.org/plugins/

Shirkdog
http://www.shirkdog.us



From: Peter Moody <peter () ucsc edu>
To: Andreas Putzo <andreas () inferno nadir org>
CC: incidents () securityfocus com
Subject: Re: ftp warez server snake ?
Date: Tue, 07 Dec 2004 14:17:29 -0800


> There is also an auth server listening, providing me this:
>
> # nc 194.xx.x.xxx 113
>
>  : USERID : UNIX : ekwaxtjm

Auth server returning garbage data = Compromise, especially when not
prodded.  I'd provide you with the Nessus plugin that explains this but
it looks like Tenable has destroyed what used to be a useful nessus.org
website.

Short answer, the machine is owned and should get the format/reinstall
treatment.

Regards,
-Peter
--
Peter Moody                             <peter () ucsc edu>
Information Security Administrator          831/459.5409
Information and Technology Services        UC Santa Cruz
http://security.ucsc.edu/pgp/peter.moody.pub      AS5739
:wq

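The check discussed in this thread (an ident service on port 113 that answers without being queried, or whose answer is not valid RFC 1413 syntax), sketched as an added example that is not from either poster. The function names and anomaly labels are assumptions made here; the sample reply in the test is the one quoted in the thread.

```python
import re
import socket

# RFC 1413 reply syntax:
#   <server-port> , <client-port> : USERID : <opsys> : <user-id>
#   <server-port> , <client-port> : ERROR : <error-type>
REPLY = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*"
    r"(?:USERID\s*:\s*[^:]+:.*|ERROR\s*:\s*\S.*)$"
)

def classify_ident_reply(reply, query_sent):
    """Return anomaly labels for one ident reply (empty list = looks normal)."""
    findings = []
    # A conforming server stays silent until it receives "<port>, <port>".
    if not query_sent and reply.strip():
        findings.append("unsolicited-reply")
    m = REPLY.match(reply.rstrip("\r\n"))
    if m is None:
        findings.append("malformed-reply")  # e.g. the port pair is missing
    elif not all(1 <= int(p) <= 65535 for p in m.groups()):
        findings.append("port-out-of-range")
    return findings

def probe_ident(host, port=113, wait=5.0):
    """Connect to a host you administer, send nothing, classify what comes back."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            return []  # server waited for a query: expected behaviour
    if not data:
        return []      # connection closed without volunteering data
    return classify_ident_reply(data.decode("latin-1"), query_sent=False)
```

`probe_ident` needs network access to the host being checked; `classify_ident_reply` can also be run over replies already captured in logs or packet traces.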

