[1223] in linux-security and linux-alert archive
[linux-security] Attempt to break through ftp
daemon@ATHENA.MIT.EDU (Evgeny Stambulchik)
Wed Oct 16 05:22:29 1996
From: Evgeny Stambulchik <fnevgeny@plasma-gate.weizmann.ac.il>
Date: Wed, 16 Oct 1996 03:10:47 +0200 (GMT+0200)
To: linux-security@tarsier.cv.nrao.edu
Hello,
A few hours ago there was an attempt to break into our server.
From xferlog:
Tue Oct 15 20:29:21 1996 28 dgr-il2-24.ix.netcom.com 4005 /incoming/lininfo.zip b _ i a fucker ftp 0 *
Now,
#file ~ftp/incoming/lininfo.zip
ELF 32-bit LSB shared object, Intel 386, version 1, not stripped
# strings ~ftp/incoming/lininfo.zip
[skipped not interesting stuff]
root-access
Welcome to the wonderful world of uid = 0
squidge
/bin/sh
exploit from my forthcoming paper:
Hardening your site - outside -> in
---
As far as I can see, nothing wrong has happened (of course I removed the file &
disabled net traffic from *.ix.netcom.com).
Does anybody know what kind of attack it is? Or is it something new?
Also, by any chance, does anyone have an email address of _real_ people at ix.netcom.com? root, support
etc. are just autoresponders :-(
Regards,
Evgeny
--
____________________________________________________________
/ Evgeny Stambulchik <fnevgeny@plasma-gate.weizmann.ac.il> \
/ Plasma Laboratory, Weizmann Institute of Science, Israel \ \
| Phone : (972)8-934-3610 == | == FAX : (972)8-934-3491 | |
| URL : http://plasma-gate.weizmann.ac.il/~fnevgeny/ | |
| Finger for PGP key >=====================================+ |
|______________________________________________________________|
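
The check described in the message (an anonymous upload logged in xferlog whose `.zip` name hides an ELF object), as an added example that is not part of the original post. It assumes the wu-ftpd xferlog field order; the function names, the extension table and the ELF header bytes are constructed for illustration.

```python
import os

# Leading magic bytes for a few formats worth telling apart in an upload directory.
MAGIC = [(b"\x7fELF", "elf"), (b"PK\x03\x04", "zip"), (b"PK\x05\x06", "zip"), (b"#!", "script")]
# Extension -> content type it claims (small illustrative table, an assumption).
CLAIMS = {".zip": "zip"}

def parse_xferlog(line):
    """Parse one wu-ftpd style xferlog line into a dict, or return None."""
    t = line.split()
    # 17 fields, or 18 when a trailing completion-status field is present.
    if len(t) not in (17, 18) or not t[7].isdigit():
        return None
    keys = ("seconds", "host", "size", "path", "type", "flag", "direction",
            "access", "user", "service", "auth_method", "auth_user")
    entry = dict(zip(keys, t[5:17]))
    entry["when"] = " ".join(t[:5])
    entry["size"] = int(entry["size"])
    return entry

def sniff(head):
    """Classify a file by its first bytes; 'unknown' if no signature matches."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def review_upload(entry, head):
    """Return findings for one logged transfer and the uploaded file's first bytes."""
    findings = []
    if entry["direction"] == "i" and entry["access"] == "a":
        findings.append("anonymous upload")
    claimed = CLAIMS.get(os.path.splitext(entry["path"])[1].lower())
    actual = sniff(head)
    if claimed and actual != claimed:
        findings.append(f"extension claims {claimed}, content is {actual}")
    if actual in ("elf", "script"):
        findings.append("executable content in upload area")
    return findings

# The xferlog entry quoted in the message, on one line.
LOG_LINE = ("Tue Oct 15 20:29:21 1996 28 dgr-il2-24.ix.netcom.com 4005 "
            "/incoming/lininfo.zip b _ i a fucker ftp 0 *")
# Constructed sample: the first bytes of a 32-bit little-endian ELF file.
SAMPLE_HEAD = b"\x7fELF\x01\x01\x01" + b"\x00" * 9

if __name__ == "__main__":
    e = parse_xferlog(LOG_LINE)
    print(e["when"], e["host"], e["path"], review_upload(e, SAMPLE_HEAD))
```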