[Snort-sigs] ftp exploit

Nathan W. Labadie ab0781 at ...334...
Thu Mar 7 19:32:15 EST 2002


Any idea what the attached ftp exploit is? We've been seeing a _lot_ of it 
lately. It currently shows up as "SHELLCODE x86 EB OC NOOP". I had 
initially noticed it because a successful attack (apparently against 
wu-ftpd, don't know the version) causes traffic with a src port of 21 and 
generates the alert "id check returned root". Any help would be 
appreciated.

Thanks,
Nate

-- 
Nathan W. Labadie       | ab0781 at ...334...	
Sr. Security Specialist | 313/577.2126
Wayne State University  | 313/577.1338 fax
C&IT Information Security Office: http://security.wayne.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ftp-exploit.cap
Type: application/octet-stream
Size: 1217 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20020307/7a370186/attachment.obj>


More information about the Snort-sigs mailing list