
RE: [cobalt-users] Raq3 ProFTP exploits



>While everyone's worrying about Bind exploits the
>scriptkiddies are running some type of auto FTP checker.
>My theory is that it auto-finds FTP hosts, auto-logs in and records
>the FTP server version so they can return later and attempt to
>hack into exploitable FTPs.


They could also be scanning for 'dump' sites rather than trying to r00t you.


There are a number of 'groups' out there who specialize in fxp'ing.
Fxp'ing is transferring files from site to site (not using YOUR bandwidth).

They have created their own tools (I believe one is called GrimPing).
It scans and finds anonymous FTPs and checks to see if it's writable; if it is,
it then sends a 1mb file to it to calculate the speed on the server.

Hidden directories are then created (/_vti_pvt/.hidden/.files/.are/.here)
and sometimes HUGE amounts of pirate software (mostly ISO images of games
and DVD rips) are fxp'ed to your server.

The groups then post your IP on their message boards, and the person/group
who made the 'pub' (public dump site)
gets to feel eleet for a while :-)
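
Added example, not part of the original post: a check an admin could run over the FTP transfer log to spot the pattern described above, anonymous uploads landing in dot-prefixed directories. It assumes the standard xferlog record layout written by ProFTPD and wu-ftpd; the log lines, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in xferlog layout (addresses are documentation ranges).
SAMPLE_XFERLOG = """\
Mon Feb 05 03:12:44 2001 2 203.0.113.7 1048576 /pub/incoming/1mb.bin b _ i a mozilla@ ftp 0 * c
Mon Feb 05 03:15:10 2001 840 203.0.113.7 681574400 /_vti_pvt/.hidden/.files/.are/.here/game.iso b _ i a mozilla@ ftp 0 * c
Mon Feb 05 09:30:02 2001 1 198.51.100.20 5120 /home/sites/site1/web/index.html a _ i r admin ftp 0 * c
Mon Feb 05 10:01:33 2001 3 192.0.2.55 20480 /pub/README b _ o a guest@ ftp 0 * c
"""

def parse_xferlog_line(line):
    """Split one xferlog record into a dict, or return None if malformed."""
    f = line.split()
    if len(f) < 18:          # 5 timestamp tokens + 13 fields
        return None
    try:
        size = int(f[7])
    except ValueError:
        return None
    return {"when": " ".join(f[0:5]), "host": f[6], "size": size,
            "path": f[8], "direction": f[11], "access": f[12]}

def hidden_components(path):
    """Return the directory components of path that start with a dot."""
    dirs = [p for p in path.split("/")[:-1] if p]
    return [p for p in dirs if p.startswith(".") and p not in (".", "..")]

def find_dump_activity(log_text):
    """Summarise anonymous (access 'a') incoming (direction 'i') uploads per host."""
    hosts = defaultdict(lambda: {"uploads": 0, "bytes": 0, "hidden_dirs": set()})
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec is None or rec["direction"] != "i" or rec["access"] != "a":
            continue
        entry = hosts[rec["host"]]
        entry["uploads"] += 1
        entry["bytes"] += rec["size"]
        if hidden_components(rec["path"]):
            # Record the directory, not the file, so repeats collapse.
            entry["hidden_dirs"].add(rec["path"].rsplit("/", 1)[0])
    return dict(hosts)

if __name__ == "__main__":
    for host, info in find_dump_activity(SAMPLE_XFERLOG).items():
        print(host, info["uploads"], "uploads,", info["bytes"], "bytes,",
              "hidden dirs:", sorted(info["hidden_dirs"]) or "none")
```

Any host that shows up with non-empty `hidden_dirs` or a large byte total is worth following up by inspecting the listed directories on disk and reviewing whether anonymous write access is needed at all.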