I had opened anonymous FTP on my workstation at my office as a convenience to myself and fellow research partners. It allowed write access, but I keep a close eye on it and haven't had any problems until today. This way we're not sending unencrypted passwords across the network. The machine is WindowsXP Prof, running the included FTP server. Today in one of the directories I find this /.tagged/~/.scanned/by/NTVM/com1 I immediately turned off the FTP service and disabled the IUSR account. At first glance it just seems that my box was found through some scanning and marked as a possible warez dump site. Also, now that I would like to clean this up, I find that I cannot delete the folder "com1". No ACL information is found in the properties for the directory and it's not read-only. Somehow the tool created a "permanent" folder. What can be done to clean this up? Also, for those that may have ran into this before - has anything else been found that should also be taken into consideration? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Dec 08 2001 - 22:41:47 PST