Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Port 21 (tcp/udp) Attack Activity - SANS Internet Storm Center

Port Information
| Protocol | Service | Name |
|---|---|---|
| udp | ftp | File Transfer [Control] |
| tcp | ftp | File Transfer [Control] |
| tcp | NetAdministrator | [trojan] Net Administrator |
| tcp | Ramen | [trojan] Ramen |
| tcp | RTB666 | [trojan] RTB 666 |
| tcp | SennaSpyFTPserver | [trojan] Senna Spy FTP server |
| tcp | Traitor21 | [trojan] Traitor 21 |
| tcp | [trojan]TheFlu | [trojan] The Flu |
| tcp | WebEx | [trojan] WebEx |
| tcp | WinCrash | [trojan] WinCrash |
| tcp | AudioGalaxy | AudioGalaxy file sharing app |
| tcp | MotIvFTP | [trojan] MotIv FTP |
| tcp | Larva | [trojan] Larva |
| tcp | BladeRunner | [trojan] BladeRunner |
| tcp | CattivikFTPServer | [trojan] Cattivik FTP Server |
| tcp | CCInvader | [trojan] CC Invader |
| tcp | DarkFTP | [trojan] Dark FTP |
| tcp | DolyTrojan | [trojan] Doly Trojan |
| tcp | Fore | [trojan] Fore |
| tcp | FreddyK | [trojan] FreddyK |
| tcp | InvisibleFTP | [trojan] Invisible FTP |
| tcp | Juggernaut42 | [trojan] Juggernaut 42 |
| tcp | BackConstruction | [trojan] Back Construction |
Port diary mentions
Distributed FTPPort 21 scan follow-up; Port 23 scan increases;
FTP Vulnerability & Accompanying Activity
FTP-Brute Force Attacks and Password Management
User Comments
Submitted By Date
Johannes Ullrich 2007-02-12 12:31:02
A new very trivial exploit for telnet on Solaris 10/11 was made public Feb. 11th 2007.
CVE Links
CVE # Description
CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.