[unisog] Windows 2000 break-ins
harnold at binghamton.edu
Fri Sep 6 18:33:00 GMT 2002
Usually ServUFTP...it's pretty flexible.
From: Russell Fulton [mailto:r.fulton at auckland.ac.nz]
Sent: Friday, September 06, 2002 2:20 PM
To: unisog at sans.org
Subject: RE: [unisog] Windows 2000 break-ins
On Sat, 2002-09-07 at 02:03, Arnold, Jamie wrote:
> Duke has a decent description of the IRC XDCC thingie..
hmmm... looks like a hacked ftp daemon, one could detect the ftp commands
going to non ftp ports with snort (we do this anyway) or write
a specific rule that matches some text in the header.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
"It aint necessarily so" - Gershwin
More information about the unisog