[lug] Attempted hack from 202.185.243.121
John Hernandez
John.Hernandez at noaa.gov
Wed Apr 24 10:42:45 MDT 2002
An easy way to find out would be to scan it with your favorite Windows
Antivirus software.
But the real reason for my reply is to urge you to seek an alternative
to the anonymous ftp upload situation you have in place. It's
generally accepted to be a bad thing. If you WANT someone to put
something there, it's usually easy enough to send them some account
information. You could even use a simple one-time password solution
like S/Key (OPIE).
Paul Bille wrote:
>
> Apr 21 13:55:46 liz ftpd[27511]: ANONYMOUS FTP LOGIN FROM
> lns01v-6-153.w.club-internet.fr [213.44.245.153], anonymous at on.the.net
> Sun Apr 21 13:57:05 2002 35 lns01v-6-153.w.club-internet.fr 28160
> /var/ftp/incoming/love.exe b _ i a anonymous at on.the.net ftp 0 * c
> -rwxrwxr-x 1 ftp ftp 28160 Apr 21 13:57 love.exe
>
> The executable is smaller than W95.SoFunny.Worm at m so I don't know what it
> is. Has anyone else seen anything like this?
>
--
- John Hernandez - Network Engineer - 303-497-6392 -
| National Oceanic and Atmospheric Administration |
| Mailstop R/OM12. 325 Broadway, Boulder, CO 80305 |
----------------------------------------------------
More information about the LUG
mailing list