[unisog] Hacking Attempts

Green, Steven J SGreen at Central.UH.EDU
Fri Feb 11 14:09:54 GMT 2005


We have recently seen some of our desktops hacked with a particular
exploit. The exploit is a Servu ftp server that accepts connections from
200.* and 201.*. There is no banner. Services added are WinUPD, Simple,
and Winlogon. The attacks occur on port 5100 after the initial machine
is hacked.
 
Does anyone have any detailed information regarding this specific hack?
Also, has anyone else seen this hack?
 
Thanks for a reply.
 
 
Steve Green
Security and Disaster Recovery
University of Houston
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20050211/ca9ac019/attachment.htm


More information about the unisog mailing list