[Snort-users] Compromising Packet...

From: Dusty Hall (halljerauburn.edu)
Date: Mon Jan 26 2004 - 11:38:52 CST


I'm curious to know if anyone has seen anything like this before. A few
packets were sent to port 2502... a few seconds later port 2503 was
opened up with Serv-U installed; tlist.exe and kill.exe were uploaded
and then they had a shell. After that it looks like "SUB0T" was set up,
IRC channel and pass were captured in other packets. It's supposedly an
XP system with current patches.

Any help would be greatly appreciated. The first packet Snort
captured is attached.

Thanks,

-Dusty
