PLEASE help! My system's have been compromized!!

[Jed Davis]

Andrew Meredith <andrew@anvil.org> writes:

> IRC has standardised ports at tcp/udp 6667. There is no guarantee that
> this is the port that would be used, if the assailant has a tame IRC
> server that uses a different port. However I am told that they don't
> tend to do this as it would allow them to be traced from the connection
> credentials burnt into any captured Bots.
> 

I've seen legitimate, uncompromised IRC servers that listen on
nonstandard ports, like 6666, or 666[0-9], or 777[0-9], etc.  So (at
least as far as I know) the lack of anything on port 6667 might not
mean no IRC traffic.

--Jed

-- 
"But life wasn't yes-no, on-off.  Life was shades of gray, and rainbows
not in the order of the spectrum."   -- L. E. Modesitt, Jr., _Adiamante_

sub f{(($n,$d,@_)=@_)?(substr(" ExhortJavelinBus",$n&&$d/$n,1),$n?f($d%$n,$
n,@_):&f):("\n")}print f 1461,10324,55001,444162,1208,1341,5660480,79715997