-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I had a request by someone here as to what program was causing the max utilization of our client's t1 outgoing circuit as a result of their compromised server being used as a bot for DDoS. We were able to kill the bots quickly and own the machine again, but did not discover until today that the actual program used was identd, http://www.ake.nu/software/eyedentd/ . One interesting thing we found was idents.txt containg about 500 cracker sigs. Have attached this file for perusal should anyone be interested. I believe that this is used by the ServU FTP daemon to permit warez login for file downloads. Curt - ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. - -- White House cybersecurity adviser Richard Clarke -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wloEARECABoFAj1AI00THHB1cmR5QGh1c2htYWlsLmNvbQAKCRCaCAXiK6ZkH9uZAKCu qwbsEvcAhqMzcXPxf16OZEp9LQCfYGZPaXkQsgfBgU0+P8kZoJ/XkBE= =8OBf -----END PGP SIGNATURE----- Communicate in total privacy. Get your free encrypted email at https://www.hushmail.com/?l=2 Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
This archive was generated by hypermail 2b30 : Thu Jul 25 2002 - 09:19:41 PDT