[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[connect24h:01904] Re: source port $B$,(B ftp-data $B$N%9%-%c%s(B

To: connect24h@xxxxxxxxxxxxx
Subject: [connect24h:01904] Re: source port $B$,(B ftp-data $B$N%9%-%c%s(B
From: DANNA <danna@xxxxxxxxxxx>
Date: Sat, 03 Mar 2001 17:34:55 +0900

$B%@%s%J!w%5%]%;%s$G$9!#(B
(B
(B[connect24h:01901] source port $B$,(B ftp-data $B$N%9%-%c%s(B
(B> $B%=!<%9%]!<%H$,(B20(ftp-data)$B$G!"$"$F@h%]!<%H$,(B5665$B!#(B
(B
(Btcp/5665 $B$O(Bsshd$B$r2~B$$7$?%P%C%/%I%"$,;E3]$1$i$l$?>l9g$N%j%9%s(B
$B%]!<%H$H$7$F;H$o$l$k$h$&$G$9!#(B
(B
$B$A$g$C$H(BWeb$B$rWQWK$7$F$=$l$i$7$$$N$rC5$7$F$-$^$7$?!#(Brootkit$B$G(B
$B$=$&$$$N$,B8:_$9$k$i$7$$$G$9$M!#(B
(B
(B> The attackers left behind a tarball called 'shitc.tgz' 
(B> in /usr/bin/.../.terminfo 
(B> There is a modified sshd /bin/fgry which listens on port 5665 
(B> and /bin/in.slogind that listens on port 19000. 
(B
(B+----------------------------------------+
(B  DANNA @ SAPOSEN
(B  e-mail : danna@xxxxxxxxxxx
(B  web site : http://www.hawkeye.ac/micky
(B+----------------------------------------+

Follow-Ups:
- [connect24h:01907] Re: source port $B$,(B ftp-data $B$N%9%-%c%s(B
  - From: Seiichi Nakashima

References:
- [connect24h:01901] source port $B$,(B ftp-data $B$N(B$B%9%-%c%s(B
  - From: Hiroshi Tsukamoto
- [connect24h:01902] Re: source port $B$,(B ftp-data $B$N%9%-%c%s(B
  - From: Naoki.Kuniyoshi.

Prev by Date: [connect24h:01903] Planex $B$N%k!<%?!"(JDoS$B$G;`K4!)(J
Next by Date: [connect24h:01905] Re: Planex $B$N%k!<%?!"(BDoS$B$G;`(B$BK4!)(B
Previous by thread: [connect24h:01902] Re: source port $B$,(B ftp-data $B$N%9%-%c%s(B
Next by thread: [connect24h:01907] Re: source port $B$,(B ftp-data $B$N%9%-%c%s(B
Index(es):
- Date
- Thread

[connect24h:01904] Re: source port $B$,(B ftp-data $B$N%9%-%c%s(B

[connect24h:01904] Re: source port $B$,(B ftp-data $B$N%9%-%c%s(B