Is this possible?
Results 1 to 8 of 8

Thread: Is this possible?

  1. #1
    Member
    Join Date
    Apr 2002
    Posts
    51

    Is this possible?

    A guy on another message board I frequent has posed an interesting question and I'm not sure of the answer. He was investigating the IP address of an attacker who was messing with the OP of the thread I was reading and decided to connect to the FTP that was used to copy files to the OP's computer(not smart to begin with). He says he didnt download anything, only connected but since then, his computer has been acting weird and he suspects he got a virus or trojan. I'm not sure if thats possible... Can an FTP server covertly transfer files to your computer while you are connected? Maybe he was connected to a honeypot? Fill me in guys!

  2. #2
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Yes.

    Quite a few Web Browser and FTP Exploits work by having a person connect to them, and then the server has something on it where every connect runs whatever they have it set to do...

    Also note this doesn't matter what OS you're running, this little idea works on everything. Next time you install a patch read what it's preventing. Most fo the time patches for IE and other web browser and clients are being patched against a flaw that allows something to happen when the person tries to visit a malicious site.

    Email attacks work in much the same way. You open the email someone sends you and poof.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  3. #3
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    he connected to a computer that was not his own
    and NOW he wants to know IF that computer could D/L something

    if you connected as anonymous [no login / account requirements]
    and could see around the files

    then 'it' could see around yours

    does your 'friend' have any security routine ?
    does he have ANY security ? F/W / A/V / spybot etc

    either way, to start to check out his PC click here
    for a basic tutorial on checking for, and clearing the baddies

    specifically HJT

    tut for THAT is here

    chances are it's NOT contaminated
    BUT we don't DO coincidence
    and it's better to be safe than sorry

    to return to the first line again :

    he connected to a computer that was not his own
    and NOW he wants to know IF that computer could D/L something
    NEXT time : if in doubt - DON'T

    start to learn some basic online security tips and tricks
    OR start saving for a new PC
    cos the one you are on ain't going to grow old
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm, c'mon Foxy~

    cos the one you are on ain't going to grow old
    Of course it will, as you also suggested he just needs to learn a few basics.............. I would suggest that reformat and reinstall would be a good place to start in his instance
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    agreed on the F+I route

    but as he will probably have to go there anyway
    why not learn something from this

    like how to try and clean a PC

    maybe buying a new one would be the easy option
    but we don't do easy
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    Lotta paranoia here. Anybody got any hard info on whether
    an FTP client could be vulnerable to exploit just from logging
    on anonymous. Not a common occurance I'd bet.

    Download and run something, now there's a risk.
    I came in to the world with nothing. I still have most of it.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi rcgreen , yes, I have seen this but did not pay too much attention to the detail, as it was kinda expected?

    Your logon may be "anonymous" but please remember that it is also very specific ?

    It is probably not that common "yet"?

    In fact, if you don't troll WAREZ sites, and you don't troll GAMEZ sites and you don't jerk to pr0n sites, I doubt if you would ever see it

    I do not consider these to be "exploits", more like stupid £$$%^&* getting themselves into trouble that they deserve.............. I love it, very good for business and I do CHARGE

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Member
    Join Date
    Apr 2002
    Posts
    51
    Of course, browser/client vulnerabilities. They client downloads a directory listing among other things. Guess that was an obvious one. Dont worry, I'm not in need of tips on cleaning a system or safe security measures, I wasnt the moron who connected to an unknown ftp server. I was just asking out of curiousity.

    Thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •