[lug] Attempted hack from

John Hernandez John.Hernandez at noaa.gov
Wed Apr 24 10:42:45 MDT 2002

An easy way to find out would be to scan it with your favorite Windows 
Antivirus software.

But the real reason for my reply is to urge you to seek an alternative 
to the anonymous ftp upload situation you have in place.  It's 
generally accepted to be a bad thing.  If you WANT someone to put 
something there, it's usually easy enough to send them some account 
information.  You could even use a simple one-time password solution 
like S/Key (OPIE).

Paul Bille wrote:

> Apr 21 13:55:46 liz ftpd[27511]: ANONYMOUS FTP LOGIN FROM
> lns01v-6-153.w.club-internet.fr [], anonymous at on.the.net
> Sun Apr 21 13:57:05 2002 35 lns01v-6-153.w.club-internet.fr 28160
> /var/ftp/incoming/love.exe b _ i a anonymous at on.the.net ftp 0 * c
> -rwxrwxr-x    1 ftp      ftp         28160 Apr 21 13:57 love.exe
> The executable is smaller than W95.SoFunny.Worm at m so I don't know what it
> is.  Has anyone else seen anything like this?


   - John Hernandez - Network Engineer - 303-497-6392 -
  |  National Oceanic and Atmospheric Administration   |
  |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |

More information about the LUG mailing list