RE: Hacked@!!@!!

Zachary Uram Thu, 05 Jul 2001 12:21:55 -0700
what if something uploaded at 4aM? u supposed rush in to work and
block the warez sender's site and delete the bogus upload?

On Thu, 5 Jul 2001, Ken McKinlay wrote:

> That's not the only one. The company requires anonymous upload capability
> due to vendor requirements :(
> 
> Anonymous uploads are set up so that they can be written to a specific
> directory but not viewed. Also any files placed there are moved within 10
> minutes to a holding disk after which the FTP Admin (me) gets notified of
> incoming traffic. Additionally the system is monitored by an IDS. That way I
> can keep the company happy and can also nail the SOBs that look for unwary
> sites in which to store their warez.
> 
> 
> Ken McKinlay
> 613-599-9199 x506 
> [EMAIL PROTECTED]
> 
> 
> 
> > -----Original Message-----
> > From: Jose Nazario [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 05, 2001 15:11
> > To: Ken McKinlay
> > Cc: [EMAIL PROTECTED]
> > Subject: re: Hacked@!!@!!
> > 
> > 
> > On Thu, 5 Jul 2001, Ken McKinlay wrote:
> > 
> > > It looks like you were initially probed by Grim's Ping. The tool can
> > > be found at http://grimsping.cjb.net/. I ran into it about 7 months
> > > ago and set up a blocker on our FTP site to prevent logins using
> > > [EMAIL PROTECTED] The tool basically searches for writable 
> > and readable
> > > areas on FTP sites.
> > 
> > is that the only block you did? remind me to change the login 
> > to something
> > different to get past your check. :P
> > 
> > like any eploit or vulnerability, its easy to identify one 
> > simple thing
> > and block on it, ie a login name ([EMAIL PROTECTED]). thats not security,
> > though. the right fix is to kill anonymous uploads (and 
> > retrievals, if you
> > need a drop point make it write only, no reads), mkdir for anonymous
> > folks, etc ...
> > 
> > thats the problem. we see this on lots of FTP servers, 
> > various forms of it
> > (ie TEST345 dir creation and tatging etc ...). its just warez pups.
> > 
> > ____________________________
> > jose nazario                                                     
> > [EMAIL PROTECTED]
> >                  PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 
> > 48 A0 07 80
> >                                    PGP key ID 0xFD37F4E5 
> > (pgp.mit.edu)
> > 
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
> 


[EMAIL PROTECTED]
"Blessed are those who have not seen and yet have faith." - John 20:29

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
RE: Hacked@!!@!!

Reply via email to
