[unisog] Windows 2000 break-ins

Russell Fulton r.fulton at auckland.ac.nz
Fri Sep 6 18:19:32 GMT 2002


On Sat, 2002-09-07 at 02:03, Arnold, Jamie wrote:
> Duke has a decent description of the IRC XDCC thingie..
> 
> http://security.duke.edu/cleaning/xdcc.html

hmmm... looks like a hacked ftp daemon, one could detect the ftp
commands going to non ftp ports with snort (we do this anyway) or write 
a specific rule that matches some text in the header.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin



More information about the unisog mailing list