Security Incidents mailing list archives
Re: ftp warez server snake ?
From: "Bob User" <bob () catch23 kicks-ass net>
Date: Tue, 7 Dec 2004 20:30:09 -0500
Most of the rootkits I run into that spread via IRC and shares seem to use the Serv-U FTP server, for what it's worth. Most all IRC rootkits seem to answer identd also, there are a million of 'em out there, probably it's a typical ServU-mIRC modified kit.

----- Original Message -----
From: "Andreas Putzo" <andreas () inferno nadir org>
To: <incidents () securityfocus com>
Sent: Tuesday, December 07, 2004 4:14 PM
Subject: ftp warez server snake ?

Hello,

today I found an ftp server listening on port 5800 on a Windows box. Anonymous login is not allowed. I tried a few name/pass combos without luck.
I believe it's a pubstro used for warez, but I don't have physical access to confirm this.

# ftp 194.xx.x.xx 5800
Connected to 194.xx.x.xx.
220 Snake Server
Name (194.xx.x.xx:root): snake
331 User name okay, need password.
Password:
530 Not logged in.
Login failed.
Remote system type is habe.
ftp>

There is also an auth server listening, providing me this:

# nc 194.xx.x.xxx 113
 : USERID : UNIX : ekwaxtjm

I googled a bit, but found nothing useful. Anyone recognize this one?

regards,
Andreas
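
Added example (not part of the original posts): a small Python check that compares an ident reply, such as the one quoted above, against the reply grammar of RFC 1413, which requires the reply to echo the queried port pair. The function name, the finding strings and every sample line other than the quoted reply are assumptions made for this example.

```python
import re

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys> : <user-id>"
#             or: "<server-port> , <client-port> : ERROR : <error-type>"
PORT_PAIR = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}

def check_ident_reply(reply, queried=None):
    """Return a list of findings; an empty list means the reply conforms.

    queried is the (server_port, client_port) pair that was sent to the
    ident service, or None if unknown (the echo check is then skipped).
    """
    fields = reply.rstrip("\r\n").split(":", 3)  # user-id may itself contain ':'
    if len(fields) < 3:
        return ["not an ident reply"]
    findings = []
    pair = PORT_PAIR.match(fields[0])
    if not pair:
        findings.append("missing or malformed port pair")
    else:
        ports = (int(pair.group(1)), int(pair.group(2)))
        if not all(1 <= p <= 65535 for p in ports):
            findings.append("port out of range")
        elif queried is not None and ports != tuple(queried):
            findings.append("port pair does not echo the query")
    kind = fields[1].strip().upper()
    if kind == "USERID":
        if len(fields) != 4 or not fields[2].strip() or not fields[3].strip():
            findings.append("USERID reply lacks opsys or user-id")
    elif kind == "ERROR":
        err = fields[2].strip().upper()
        if err not in ERROR_TYPES and not err.startswith("X"):
            findings.append("unknown error type")
    else:
        findings.append("unknown reply type")
    return findings

if __name__ == "__main__":
    samples = [
        (" : USERID : UNIX : ekwaxtjm", None),            # reply quoted in the post
        ("6191, 23 : USERID : UNIX : stjohns", (6191, 23)),  # constructed, conforming
        ("113, 5800 : USERID : UNIX : x", (5800, 40000)),    # constructed, wrong echo
    ]
    for line, query in samples:
        print(repr(line), "->", check_ident_reply(line, query) or "conforms")
```
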