I seem to have missed the BUGTRAQ report on the wu-ftpd exploit.
Unfortunately it seems as if one of our systems has been hacked by that (or
a previous wu-ftpd exploit) very recently.
Does anybody have information about this:
- specifics (with or without exploit)
- fingerprints
- post-mortem analysis
- fixes
Thanks in advance,
Harry
> -----Original Message-----
> From: Incidents Mailing List [mailto:INCIDENTS_at_SECURITYFOCUS.COM]On
> Behalf Of Jude
> Sent: Thursday, October 05, 2000 1:03 AM
> To: INCIDENTS_at_SECURITYFOCUS.COM
> Subject: @Home Nederland - port scans are OK
>
>
> Somebody at nl.home.com probed my FTP port, right after the
> recent wu-ftpd exploit was announced on Bugtraq. I sent off
> a report to abuse_at_home.nl. Their reply includes the following
> statements:
>
> Actions of @Home customers are considered to be abuse
> if they are in breach of our current AUP. A copy of our
> AUP can be read at
> http://www.home.nl/product/voorwaarden3.html
> ...
> ...
> * Portscanning is not a violation of our AUP.
>
> This policy would explain why crackers would want to use
> nl.home.com for portscanning.
>
> I could not access the AUP URL; maybe it's inaccessible outside
> of their networks.
>
> _______________________________________________________
> Are you a Techie? Get Your Free Tech Email Address Now!
> Many to choose from! Visit http://www.TechEmail.com
>
>
Received on Oct 05 2000
Intro
