OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: John Sage (jsagefinchhaven.com)
Date: Tue Nov 13 2001 - 10:41:58 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Brice et al:

    You might find this interesting:

    http://www.lockdowncorp.com/bots/gtbot.html

    This is about the GT (Global Threat) bot, and goes into great detail
    about how IRC bot are set up on host computers.

    Somewhere in there is a discussion of joining a server with no channels
    but mass users signed on, I think...

    Also, you might check your system for the presence of the files it
    lists.. ;-)

    HTH..

    - John

    Brice Carlson wrote:

    > Yes, matter of fact i have and i can tell you why... Recently i was
    > bored. So i decided to delete alot my virus scanner, firewalls, and my
    > IDS. And i also opened up my file and print shares.(running windows95)
    > With in 15 minutes I could no longer surf the net. I am running a
    > 28.8(Don't give me this 56ks are cheap talk) So i opened up file/search
    > i had some new *programs* on my computer. It scans for subseven. I also
    > noticed that i had a connection on port 6667 (irc) Ip address
    > 66.26.92.28. But anyways i tried connecting to this server. i did and...
    > There was NO Channels. but like 324 users on it... So i'm imagining that
    > is 324 compromised systems(?) I also let the program run a while (sorry
    > guys) to find out if someone would connect over Subseven. no one ever
    > did though, even though i had it on my system. I still have all the
    > programs on this system i just have a firewall not letting them get
    > through. If anyone wanted to look into the programs that i have... I'd
    > be happy to send them the files. Just send me an email. One of them is
    > the program that they use to communicate to the IRC channel and you very
    > well know the other.
    >
    > Brice Carlson
    >
    >
    >>
    >> Anyone notice an increase in port scans to 27374 in the last week? I
    >> noticed several, all from different addresses.
    >>
    >> Leon
    >>
    >> ----------------------------------------------------------------------------
    >>
    >> This list is provided by the SecurityFocus ARIS analyzer service.
    >> For more information on this free incident handling, management
    >> and tracking system please see: http://aris.securityfocus.com
    >>
    >
    >
    > _________________________________________________________________
    > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
    >
    >
    > ----------------------------------------------------------------------------
    >
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management and
    > tracking system please see: http://aris.securityfocus.com
    >
    >
    > 

    -- 
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsagefinchhaven.com
"The web is so, like, five minutes ago..."

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com