Wu-ftpd 2.6.2

• Previous message: Przemyslaw Frasunek: "Re: known expoit for wu-ftpd 2.6.2(1) ??"
• Next in thread: Przemyslaw Frasunek: "Re: Wu-ftpd 2.6.2"
• Reply: Przemyslaw Frasunek: "Re: Wu-ftpd 2.6.2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  
 I got a response from the wu-ftpd development teem. It seems that it
was a false alarm, so I  have attached an ascii log of the attack.

 A little  history of the compromised system:

  - At the beginning it was a default installation of R7.2 running
wu-ftpd 2.6.1
  - 15 days ago it was hacked through wu-ftpd 2.6.1 and the attacker
patched the system to wu-ftpd 2.6.2 
    (he had transferred his binary files for wu-ftpd 2.6.2, so I can not
be definitely sure that this is the original version)
  - After that,  several autorooters visited the system, checked the
version and left except this last attack which was quite persistent.
    In addition the attacker kept using his exploiting tool to enter the
system, besides the use  of his backdoors, Which gives
    an impression of testing the exploiting script

Wondering if this is an attack to previously rooted systems ..

Thanks,
Costas



----------------------------
Costas Karafasoulis
Internet Systematics Lab, 
Honeynet Project
NCSR Demokritos
http://www.honeynet.gr 
 

• application/x-zip-compressed attachment: logs.zip

• Next message: Dan Irwin: "illogic rootkit"
• Previous message: Przemyslaw Frasunek: "Re: known expoit for wu-ftpd 2.6.2(1) ??"
• Next in thread: Przemyslaw Frasunek: "Re: Wu-ftpd 2.6.2"
• Reply: Przemyslaw Frasunek: "Re: Wu-ftpd 2.6.2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 19 2002 - 09:07:07 PDT