
Re: [suse-security] Re: Backdoor over http(s)??



Hi

Well, actually the 218-machine has an open SMTP port, and accepts whatever you 
can imagine... I already sent a message to "all" there about these findings...

And the domain where this IP is, is somewhere in the Far East, at least from what I can 
tell from the bird-feet chars that come up there...

Jaska.


Tobias Weisserth wrote in his message (sent Tuesday, 13 January 
2004 18:52):
> Hello Mark,
>
> On Tue, 13.01.2004, Retallack, Mark (Siemens) wrote at 17:27:
> > As far as I can tell there are 2 IP addresses that we have:
> >
> > 218.234.171.84 - From where the files are downloaded
> > 163.17.51.8    - Where the application connects to when it is run on the
> > compromised machine.
>
> Ah. I didn't notice there are two machines involved here. Is there a way
> to find out who is running those machines and send along a message to
> shut down one of them so that this scriptkiddy has to look for another
> victim?

