Wu-ftpd 2.6.2

From: Costas Karafasoulis (karafasat_private-t.gr)
Date: Thu Apr 18 2002 - 22:44:00 PDT


      
     I got a response from the wu-ftpd development team. It seems that it
    was a false alarm, so I have attached an ASCII log of the attack.
    
     A little history of the compromised system:
    
      - At the beginning it was a default installation of R7.2 running
    wu-ftpd 2.6.1.
      - 15 days ago it was hacked through wu-ftpd 2.6.1 and the attacker
    patched the system to wu-ftpd 2.6.2
        (he had transferred his binary files for wu-ftpd 2.6.2, so I cannot
    be definitely sure that this is the original version).
      - After that, several autorooters visited the system, checked the
    version and left, except this last attack, which was quite persistent.
        In addition, the attacker kept using his exploiting tool to enter the
    system, besides the use of his backdoors, which gives
        an impression of testing the exploiting script.
    
    Wondering if this is an attack on previously rooted systems...
    
    Thanks,
    Costas
    
    
    
    ----------------------------
    Costas Karafasoulis
    Internet Systematics Lab, 
    Honeynet Project
    NCSR Demokritos
    http://www.honeynet.gr 
     
    
    
    

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com


