I've been following this conversation and got some nice tips from you guys,
thanks!

I would like to know how hackers can "listen" to TCP/IP ports... What kind
of tools do they use?

Regards.

Ricardo Villalobos
Dimasys, Inc.

> -----Original Message-----
> From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 26, 2001 7:15 PM
> To: CF-Server
> Subject: RE: hacked and wondering why?
>
>
> > What I don't get is why would someone with full FTP access wreak havoc with
> > a Denial of Service attack pinging Yahoo which everyone knows has very good
> > MDA's and routers to turn back unnecessary packets...
>
> just because they could, I suppose....
>
>
>
> > -----Original Message-----
> > From: Brian Thornton [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, March 26, 2001 7:56 PM
> > To: CF-Server
> > Subject: Re: hacked and wondering why?
> >
> >
> > What I don't get is why would someone with full FTP access wreak havoc with
> > a Denial of Service attack pinging Yahoo which everyone knows has very good
> > MDA's and routers to turn back unnecessary packets...
> > ----- Original Message -----
> > From: "John Cesta - Lists" <[EMAIL PROTECTED]>
> > To: "CF-Server" <[EMAIL PROTECTED]>
> > Sent: Monday, March 26, 2001 4:53 PM
> > Subject: RE: hacked and wondering why?
> >
> >
> > > > They list a number of programs that an intruder might play havoc with,
> > > > including regedt32.exe, ftp.exe, telnet.exe, ping.exe, etc. Actually,
> > > > there's probably little reason to even have many of them installed on a
> > > > server.
> > >
> > > Yea, we just removed most of them.
> > >
> > > thanks,
> > >
> > > John
> > >
> > > > -----Original Message-----
> > > > From: Jim McAtee [mailto:[EMAIL PROTECTED]]
> > > > Sent: Monday, March 26, 2001 6:19 PM
> > > > To: CF-Server
> > > > Subject: Re: hacked and wondering why?
> > > >
> > > >
> > > > John,
> > > >
> > > > Check out Microsoft's technet article "MS Internet Information Server 4.0
> > > > Security Checklist", specifically the "Move and ACL Critical Files" section.
> > > >
> > > > http://www.microsoft.com/technet/iis/technote/iischeck.asp
> > > >
> > > > Here's another article that says the same thing.
> > > >
> > > > http://www.microsoft.com/technet/security/datavail.asp
> > > >
> > > >
> > > > "Place all commonly used administrative tools in a special directory out of
> > > > %systemroot% and ACL them so that only administrators have full access to
> > > > these files. For example create a directory called \CommonTools and place
> > > > the following files in there."
> > > > They list a number of programs that an intruder might play havoc with,
> > > > including regedt32.exe, ftp.exe, telnet.exe, ping.exe, etc. Actually,
> > > > there's probably little reason to even have many of them installed on a
> > > > server.
> > > >
> > > > Jim
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "John Cesta - Lists" <[EMAIL PROTECTED]>
> > > > To: "CF-Server" <[EMAIL PROTECTED]>
> > > > Sent: Monday, March 26, 2001 12:57 PM
> > > > Subject: hacked and wondering why?
> > > >
> > > >
> > > > > On the 24th our ISP pulled the plug on our co-located servers. They said our
> > > > > servers were pumping 20 mbs each of data through the network. Upon
> > > > > investigation, we found around 20 ping.exe processes running in the task
> > > > > manager. As soon as we rebooted, the ping.exe processes were gone and
> > > > > everything was fine. The ping processes were pinging yahoo.com BTW.
> > > > >
> > > > > One of the network engineers at the center said that he was familiar with
> > > > > this hack. He said that:
> > > > >
> > > > > "There is a program out on the net called Win Management, with it a hacker
> > > > > can "sneak" into the FTP port (as he explained it, they ride on the
> > > > > coat-tails of an active FTP user), then they run rsh.exe and spawn the
> > > > > ping.exe processes."
> > > > >
> > > > > I was wondering if this is in fact an exploit in Serv-u (which we use) or
> > > > > any FTP server for that matter.
> > > > >
> > > > > What we did, anyway, was to change the FTP port from 21 to a higher
> > > > > value.
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
>
>
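
A defender-side audit of the checklist advice quoted in this thread, added here as an example; it is not part of any poster's message or of Microsoft's checklist. It reports which of the tools named in the thread are still in System32 and executable by non-administrative identities, and how many copies of each are running (the symptom described in the original post). The System32 location, the trusted-identity list and the process threshold are assumptions.

```powershell
# Added example. Tool names come from the thread; everything else is an assumption.
$tools     = 'regedt32.exe', 'ftp.exe', 'telnet.exe', 'ping.exe'
$threshold = 5   # assumed: more concurrent copies than this deserves a look

function Get-ToolExposure {
    param(
        [string[]]$Names,
        [string]$Directory = (Join-Path $env:SystemRoot 'System32'),
        # Assumed set of identities that are expected to keep access.
        [string[]]$Trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
                               'NT SERVICE\TrustedInstaller')
    )
    $execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    foreach ($name in $Names) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path)) {
            # Tool already removed or moved out of the default location.
            [pscustomobject]@{ Tool = $name; Present = $false; NonAdminExecute = @() }
            continue
        }
        # Allow ACEs that grant execute to anyone outside the trusted list.
        # ACEs expressed only as generic rights are not decoded here.
        $rules = (Get-Acl -LiteralPath $path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $execute) -and
            ($Trusted -notcontains $_.IdentityReference.Value)
        }
        [pscustomobject]@{
            Tool            = $name
            Present         = $true
            NonAdminExecute = @($rules | ForEach-Object { $_.IdentityReference.Value } |
                                Sort-Object -Unique)
        }
    }
}

function Get-ToolProcessCount {
    param([string[]]$Names, [int]$Threshold)
    foreach ($name in $Names) {
        # Get-Process matches on the process name without the .exe extension.
        $base  = [System.IO.Path]::GetFileNameWithoutExtension($name)
        $count = @(Get-Process -Name $base -ErrorAction SilentlyContinue).Count
        [pscustomobject]@{ Tool = $name; Running = $count; Suspicious = ($count -gt $Threshold) }
    }
}

Get-ToolExposure -Names $tools | Format-Table -AutoSize
Get-ToolProcessCount -Names $tools -Threshold $threshold | Format-Table -AutoSize
```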