Security Incidents mailing list archives
Re: backdoor or bot?
From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Wed, 27 Dec 2000 18:45:31 +0100
Quoting Jon Lewis (jlewis () LEWIS ORG):
Property of PainKeeper ! Use with extreme care... ...incoming shell... painkeeper login: My guess is, this is a backdoor.
My guess is it's an eggdrop bot :) Try to see if the process that bind()'s to that port also binds to some irc server - and if there are some bot-ish config files in the directory the process runs from (or files the process has opened) Greets, Robert -- | rvdm () cistron nl - Cistron Internet Services - www.cistron.nl | | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Nine out of ten men who preferred Camels have switched back to women.
Current thread:
- backdoor or bot? Jon Lewis (Dec 27)
- Re: backdoor or bot? Robert van der Meulen (Dec 27)
- Re: backdoor or bot? Dave Dittrich (Dec 27)
- Re: backdoor or bot? Daniel Wittenberg (Dec 27)
- Re: backdoor or bot? Aviram Jenik (Dec 27)
- Re: backdoor or bot? Mark Symonds (Dec 28)
- Re: backdoor or bot? George Milliken (Dec 28)
- Re: backdoor or bot? Mark Collins (Dec 28)
- <Possible follow-ups>
- Re: backdoor or bot? Jon Lewis (Dec 27)
- Re: backdoor or bot? Patrick Oonk (Dec 28)
- Re: backdoor or bot? Calhoun, Heath (Dec 27)
- Re: backdoor or bot? Robert van der Meulen (Dec 27)