> What I don't get is why would someone with full FTP access wreak havoc with
> a Denial of Service attack pinging Yahoo which everyone knows has very good
> MDA's and routers to turn back unnecessary packets...

just because they could, I suppose....



> -----Original Message-----
> From: Brian Thornton [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 26, 2001 7:56 PM
> To: CF-Server
> Subject: Re: hacked and wondering why?
>
>
> What I don't get is why would someone with full FTP access wreak havoc with
> a Denial of Service attack pinging Yahoo which everyone knows has very good
> MDA's and routers to turn back unnecessary packets...
> ----- Original Message -----
> From: "John Cesta - Lists" <[EMAIL PROTECTED]>
> To: "CF-Server" <[EMAIL PROTECTED]>
> Sent: Monday, March 26, 2001 4:53 PM
> Subject: RE: hacked and wondering why?
>
>
> > > They list a number of programs that an intruder might play havoc with,
> > > including regedt32.exe, ftp.exe, telnet.exe, ping.exe, etc.  Actually,
> > > there's probably little reason to even have many of them installed on a
> > > server.
> >
> > Yea, we just removed most of them.
> >
> > thanks,
> >
> > John
> >
> > > -----Original Message-----
> > > From: Jim McAtee [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, March 26, 2001 6:19 PM
> > > To: CF-Server
> > > Subject: Re: hacked and wondering why?
> > >
> > >
> > > John,
> > >
> > > Check out Microsoft's TechNet article "MS Internet Information Server 4.0
> > > Security Checklist", specifically the "Move and ACL Critical Files" section.
> > >
> > > http://www.microsoft.com/technet/iis/technote/iischeck.asp
> > >
> > > Here's another article that says the same thing.
> > >
> > > http://www.microsoft.com/technet/security/datavail.asp
> > >
> > >
> > > "Place all commonly used administrative tools in a special directory out of
> > > %systemroot% and ACL them so that only administrators have full access to
> > > these files. For example create a directory called \CommonTools and place
> > > the following files in there."
> > >
> > > They list a number of programs that an intruder might play havoc with,
> > > including regedt32.exe, ftp.exe, telnet.exe, ping.exe, etc.  Actually,
> > > there's probably little reason to even have many of them installed on a
> > > server.
> > >
> > > Jim
> > >
> > >
> > > ----- Original Message -----
> > > From: "John Cesta - Lists" <[EMAIL PROTECTED]>
> > > To: "CF-Server" <[EMAIL PROTECTED]>
> > > Sent: Monday, March 26, 2001 12:57 PM
> > > Subject: hacked and wondering why?
> > >
> > >
> > > > On the 24th our ISP pulled the plug on our co-located servers. They said our
> > > > servers were pumping 20 mbs each of data through the network. Upon
> > > > investigation, we found around 20 ping.exe processes running in the task
> > > > manager. As soon as we rebooted, the ping.exe processes were gone and
> > > > everything was fine. The ping processes were pinging yahoo.com BTW.
> > > >
> > > > One of the network engineers at the center said that he was familiar with
> > > > this hack. He said that:
> > > >
> > > > "There is a program out on the net called Win Management, with it a hacker
> > > > can "sneak" into the FTP port (as he explained it, they ride on the
> > > > coat-tails of an active FTP user), then they run rsh.exe and spawn the
> > > > ping.exe processes."
> > > >
> > > > I was wondering if this is in fact an exploit in Serv-u (which we use) or
> > > > any FTP server for that matter.
> > > >
> > > > What we did, anyway, was to change the FTP port from 21 to a higher
> > > > value.
> > >
> > >
> > >
> > >
> > >
> >
>
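
The "Move and ACL Critical Files" advice quoted in this thread can be checked with a short audit. The PowerShell below is an added example, not part of the original messages or of Microsoft's checklist: it looks for the tools named in the thread (plus rsh.exe from the original report) under %systemroot% and lists every allow entry held by a principal other than Administrators or SYSTEM. Treating only those two SIDs as administrative is an assumption.

```powershell
# Added example, not from the thread. Tool names come from the messages above.
$tools = 'regedt32.exe', 'ftp.exe', 'telnet.exe', 'ping.exe', 'rsh.exe'
$searchDirs = @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))

# Assumption: only these principals count as administrative.
$adminSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
)
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($dir in $searchDirs) {
    foreach ($tool in $tools) {
        $path = Join-Path $dir $tool
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Compare by SID so localized or renamed group names still match.
            try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
            catch { $sid = $ace.IdentityReference.Value }
            if ($adminSids -contains $sid) { continue }

            [pscustomobject]@{
                Path      = $path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Path, Principal | Format-Table -AutoSize
} else {
    'No listed tool under %systemroot% is accessible to a non-administrative principal.'
}
```

Each row is a tool that an account running as a non-administrator, such as a web or FTP service identity, can still reach in its default location.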