PLEASE help! My system's have been compromized!!
Mon, 16 Jul 2001 01:20:58 +0200
That sounds interesting! How would I detect such traffic? Does all IRC traffic
use dedicated ports, or does it differ somehow?
----- Original Message -----
From: "Andrew Meredith" <email@example.com>
Sent: Monday, July 16, 2001 1:08 AM
Subject: Re: PLEASE help! My system's have been compromized!!
> > Pontus Edvardsson wrote:
> > I just installed Nessus on a Debian 2.2r3 box and it almost immediately
> > found two trojans on my w2k box... Distributed attack tools
> You might also like to bear in mind that a number of these DDoS tools
> float in through email attached executables and other such loopholes. If
> I am also given to understand that it is quite popular to control the
> implanted machine via IRC. As soon as the tool kicks off, it opens a
> connection to a hidden IRC channel and waits for instructions. Maybe you
> should scan for outgoing IRC connections. If you have no intention of
> using IRC yourself, you might even like to drop and log outgoing IRC
> connection setup packets.
> Andy M
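
Added example, not part of the original messages: a sketch of the "scan for outgoing IRC connections" check suggested above, run over constructed flow records. It flags outbound flows by conventional IRC port and also by the RFC 1459 client registration commands (NICK/USER), since an IRC server can listen on any port; the LAN range, port list, record layout and function names are assumptions made for the illustration.

```python
import ipaddress
import re

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

# Ports IRC servers conventionally use; a server may listen anywhere,
# so a port match alone is only a hint (assumed list, not exhaustive).
IRC_PORTS = set(range(6660, 6670)) | {194, 7000}

# RFC 1459 registration: optional PASS, then NICK or USER, at session start.
IRC_HANDSHAKE = re.compile(
    rb"^(?:PASS [^\r\n]*\r?\n)?(?:NICK|USER) [^\r\n]+\r?\n", re.I)

# Constructed sample records: (src, dst, dst_port, first client payload)
SAMPLE_FLOWS = [
    ("192.168.1.20", "203.0.113.5", 80, b"GET / HTTP/1.0\r\n\r\n"),
    ("192.168.1.20", "198.51.100.7", 6667, b"NICK bot123\r\nUSER a b c :d\r\n"),
    ("192.168.1.21", "198.51.100.9", 8080, b"PASS x\r\nNICK zz\r\nUSER a 0 * :a\r\n"),
    ("192.168.1.23", "198.51.100.7", 6668, b""),   # setup seen, no payload captured
    ("203.0.113.5", "192.168.1.20", 6667, b""),    # inbound, not of interest here
]

def classify(src, dst, dport, payload):
    """Return why an outbound flow looks like IRC, or None if it does not."""
    if ipaddress.ip_address(src) not in INTERNAL_NET:
        return None                      # only flows leaving our hosts
    if ipaddress.ip_address(dst) in INTERNAL_NET:
        return None                      # internal-to-internal traffic
    if IRC_HANDSHAKE.match(payload):
        return "irc-handshake"           # protocol match, any port
    if dport in IRC_PORTS:
        return "irc-port"                # port match only
    return None

def find_irc_flows(flows):
    """List (src, dst, port, reason) for every flow classify() flags."""
    hits = []
    for src, dst, dport, payload in flows:
        reason = classify(src, dst, dport, payload)
        if reason:
            hits.append((src, dst, dport, reason))
    return hits

if __name__ == "__main__":
    for hit in find_irc_flows(SAMPLE_FLOWS):
        print("%s -> %s:%d  %s" % hit)
```

A host that never runs an IRC client but shows an "irc-handshake" hit, especially on a non-IRC port, is the one to investigate first.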