Dear [EMAIL PROTECTED], Information was received from Kaspersky Labs, there is increased activity on TCP/389 (LDAP) port. Analysis of captured packet demonstrates attempt to exploit IPSwitch IMail LDAP vulnerability. Packet contains universal reverse shell shellcode. Trojan is installed on owned host (listens on TCP/21 and pretends to be wu-ftpd).
Best solution is to filter TCP/389. -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
