|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: IRC bot?
From: Carlos Eduardo Pinheiro (cabeca
phreaker.net)
Date: Tue Sep 16 2003 - 11:12:46 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
That "W4A" string probably mean "warez for(4) all" and it may be something
like a IRC Bot serving files for download or something like that, and that
opened port is for administration like an eggdrop, well, a googled for it
and found nothing and i never seen it before...
That "220" replies act like an FTP server..very strange.. you should take a
closer look at that machine.. good luck..
Carlos Eduardo Pinheiro - cabecagmx.net - ICQ#: 134439332
----- Original Message -----
From: "Bryan Miller" <BMillersycomtech.com>
To: <pen-testsecurityfocus.com>
Sent: Tuesday, September 16, 2003 12:33 AM
Subject: IRC bot?
> During a pen test yesterday I came across TCP port 6501. Upon connecting
to it via Netcat, I received the following screen:
>
> 220-W4A BotServ 2.0
> 220-==============================================
> 220-You are Connecting From x.x.x.x
> 220-The Local time is 23:20:03,
> 220-14 users have visited in the last 24 hours.
> 220-This server has been running for
> 220-39 Days, 13 Hours, 28 Mins, 6 Secs
> 220-==============================================
> 220-Amout of Logins Since Server Started: 0 total
> 220-Logged in Users: 1
> 220-Total Kb downloaded: 0 Kb
> 220-Total Kb uploaded: 0 Kb
> 220-Amout of Files downloaded: 0
> 220-Amout of Files uploaded: 0
> 220-Average Speed: 0.000 Kb/sec
> 220-Current Speed: 0.000 Kb/sec
> 220-Free Disk Space: 187.18 MB
> 220 ==============================================
>
> Has anyone seen this before? Am I correct in assuming it's some form of
IRC bot? If so, how do I talk to it to verify? Does it have some
interesting uses?
>
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]