[1223] in linux-security and linux-alert archive


[linux-security] Attempt to break through ftp

daemon@ATHENA.MIT.EDU (Evgeny Stambulchik)
Wed Oct 16 05:22:29 1996

From: Evgeny Stambulchik <fnevgeny@plasma-gate.weizmann.ac.il>
Date: Wed, 16 Oct 1996 03:10:47 +0200 (GMT+0200)
To: linux-security@tarsier.cv.nrao.edu

Hello,

A few hours ago there was an attempt to break into our server.

From xferlog:

Tue Oct 15 20:29:21 1996 28 dgr-il2-24.ix.netcom.com 4005 /incoming/lininfo.zip b _ i a fucker ftp 0 *

Now,

# file ~ftp/incoming/lininfo.zip
ELF 32-bit LSB shared object, Intel 386, version 1, not stripped

# strings ~ftp/incoming/lininfo.zip

[skipped not interesting stuff]

root-access
Welcome to the wonderful world of uid = 0
                                  squidge
/bin/sh
exploit from my forthcoming paper:
Hardening your site - outside -> in

---

As far as I can see, nothing wrong has happened (of course I removed the file &
disabled net traffic from *.ix.netcom.com).

Does anybody know what kind of attack this is? Or is it something new?
Also, by any chance - some email of _real_ people at ix.netcom.com? root, support
etc. are just autorepliers :-(

Regards,

Evgeny


--
   ____________________________________________________________
  / Evgeny Stambulchik  <fnevgeny@plasma-gate.weizmann.ac.il>  \
 /  Plasma Laboratory, Weizmann Institute of Science, Israel \  \
 |  Phone : (972)8-934-3610  == | == FAX   : (972)8-934-3491 |  |
 |  URL   :    http://plasma-gate.weizmann.ac.il/~fnevgeny/  |  |
 |  Finger for PGP key >=====================================+  | 
 |______________________________________________________________| 
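
The two checks made by hand in the message above (reading the xferlog entry, then comparing the file's content with its name) can be automated. The following is an added example, not part of the original post: it assumes the classic wu-ftpd xferlog field layout without a completion-status field, and the function names and the sample ELF header bytes are constructed for illustration.

```python
# Added example: triage of one xferlog entry plus a magic-byte check.
# Assumption: classic wu-ftpd xferlog layout, no completion-status field.
MAGIC = {b"\x7fELF": "elf", b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip"}
EXT_TYPE = {".zip": "zip", ".gz": "gzip", ".tgz": "gzip"}
# For anonymous sessions "username" holds the string given as the password.
TAIL = ("transfer_type", "action_flag", "direction", "access_mode",
        "username", "service", "auth_method", "auth_user")

def parse_xferlog(line):
    """Split one xferlog line into named fields."""
    tok = line.split()
    if len(tok) < 17:  # 5 date tokens + 3 + filename + 8 trailing fields
        raise ValueError("short xferlog line")
    rec = {"time": " ".join(tok[:5]), "seconds": int(tok[5]),
           "host": tok[6], "size": int(tok[7]),
           # whatever lies between the size and the 8 trailing fields is the path
           "filename": " ".join(tok[8:-8])}
    rec.update(zip(TAIL, tok[-8:]))
    return rec

def sniff(head):
    """Return the type implied by the leading bytes, or None if unknown."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def triage(line, head):
    """Return findings for an upload record and the file's first bytes."""
    rec, findings = parse_xferlog(line), []
    if rec["direction"] == "i" and rec["access_mode"] == "a":
        findings.append("anonymous upload from " + rec["host"])
    claimed = next((t for ext, t in EXT_TYPE.items()
                    if rec["filename"].lower().endswith(ext)), None)
    actual = sniff(head)
    if claimed and actual != claimed:
        findings.append("%s claims %s but content is %s"
                        % (rec["filename"], claimed, actual or "unknown"))
    return findings

# Log line as posted in the message (joined onto one line).
LINE = ("Tue Oct 15 20:29:21 1996 28 dgr-il2-24.ix.netcom.com 4005 "
        "/incoming/lininfo.zip b _ i a fucker ftp 0 *")
# Constructed sample: ELF ident for 32-bit, LSB, version 1 (not the real file).
HEAD = b"\x7fELF\x01\x01\x01" + b"\x00" * 9

if __name__ == "__main__":
    for finding in triage(LINE, HEAD):
        print(finding)
```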
