Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Attempted FTP intrusion

from [Tillmann Werner] Network Security [Permanent Link]
Subject: Re: Attempted FTP intrusion
Date: Wed, 31 Jan 2007 23:09:16 +0100 
David,


  Although none of the login attempts succeeded, on some machines it
also attempted to remove a directory named "sarcaxxo".  This links it
to incidents reported by other sites as far back as the beginning of
November 2006.  Nobody yet seems to know what's behind this.


Looks pretty much like the "inode ftp scanner" (attached). As you can see, it 
tries to delete the mentioned directory after a failed login attempt. 
However, the code is really lame - this his how you should not do it.

Regards,
Tillmann

Attachment: ftp_scanner.c
Description: Text Data

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Attempted FTP intrusion, David Gillett
Previous by Thread:  Attempted FTP intrusion, David Gillett
Next by Thread:  [Full-disclosure] [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery], Netragard Security Advisories
Indexes:  [Date] [Thread] [Top] [All Lists]