On Sun, 25 Feb 2001, Wei-shi Tsai wrote:
> 1. I was setting up a Linux box for one of my friends. As I was
> perusing the logs one day, I see this:
>
<logs>
>
> After this, I closed off the anonymous access (which I should have done
> in the first place). Could someone explain this?
>
It looks like some script-kiddie was trying an exploit involving a buffer
overflow. I would not use wu-ftpd, or any Wash U-created servers. They all
have had many problems. Even using their clients is a risk. I have heard
pro-ftpd is decent. (You can see /bin/sh in the "shellcode". The guy was
trying to get a root shell.)

Closing off anonymous access won't necessarily protect you from a buffer
overflow.

And if you are using ftp for non-anonymous access, passwords can be
sniffed. I suggest using sftp or scp or something more secure.

IIWY, I would report this guy to the MIT network staff. It looks like the
kiddie was dumb enough to even give you his username. I might not report a
truly clued hack attempt, but this is just obnoxious amateurism.

HTH.

Paul
--
So, what's with this guy Gideon, anyway? And why can't he ever
remember his Bible?
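A defender-side check for the kind of log entry discussed in this thread, as an added example that is not part of either message: it flags FTP daemon log lines whose message carries a shell path, binary data, an overlong field or a long padding run. The syslog layout, the thresholds and the sample lines are assumptions constructed for illustration, since the original log excerpt is not reproduced here.

```python
import re

SHELL_PATHS = ("/bin/sh", "/bin/bash", "/bin/csh")
MAX_MSG_LEN = 128          # assumed threshold; tune against your own logs
MAX_NONPRINT_RATIO = 0.2   # assumed threshold
REPEAT_RUN = re.compile(r"(.)\1{15,}", re.DOTALL)  # 16+ identical characters

def message_part(line):
    """Return the text after the 'daemon[pid]: ' syslog prefix, if present."""
    _, sep, rest = line.partition("]: ")
    return rest if sep else line

def findings(line):
    """List the reasons a log line looks like an overflow attempt."""
    msg = message_part(line)
    reasons = []
    if any(path in msg for path in SHELL_PATHS):
        reasons.append("shell-path")
    if len(msg) > MAX_MSG_LEN:
        reasons.append("overlong")
    nonprint = sum(1 for ch in msg if not 32 <= ord(ch) < 127)
    if msg and nonprint / len(msg) > MAX_NONPRINT_RATIO:
        reasons.append("binary-data")
    if REPEAT_RUN.search(msg):
        reasons.append("padding-run")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every flagged line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := findings(line))]

# Constructed sample lines: hosts, addresses and filler bytes are made up.
SAMPLE = [
    "Feb 25 03:12:01 box ftpd[812]: ANONYMOUS FTP LOGIN FROM "
    "host.example.net [192.0.2.10], user@example.net",
    "Feb 25 03:14:22 box ftpd[815]: ANONYMOUS FTP LOGIN FROM "
    "host.example.org [198.51.100.7], " + "\x90" * 120 + "/bin/sh",
    "Feb 25 03:15:40 box ftpd[816]: FTP LOGIN FROM "
    "ws.example.com [203.0.113.5], alice",
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE):
        print(f"line {number}: {', '.join(reasons)}")
```

A hit only means the line deserves a look; as the reply notes, the real fix is replacing or patching the vulnerable daemon.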