Security Incidents mailing list archives

Re: backdoor or bot?


From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Wed, 27 Dec 2000 18:45:31 +0100

Quoting Jon Lewis (jlewis () LEWIS ORG):
> Property of PainKeeper !  Use with extreme care...  ...incoming shell...
> painkeeper login:
> My guess is, this is a backdoor.
My guess is it's an eggdrop bot :)

Try to see if the process that bind()s to that port also binds to some IRC
server - and if there are some bot-ish config files in the directory the
process runs from (or files the process has opened).

Greets,
        Robert

--
|      rvdm () cistron nl - Cistron Internet Services - www.cistron.nl        |
|          php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security             |
|         My statements are mine, and not necessarily cistron's.           |
   Nine out of ten men who preferred Camels have switched back to women.
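
The check suggested in the reply above, as an added example that is not part of the original post: it reads `lsof -nP` output, finds the PID listening on the suspect port, and reports only that PID's working directory, its connections to IRC ports, and bot-like open files. The port 3333, the sample rows, the IRC port set (6660-6669, 6697, 7000) and the file-name patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# triage_listener PORT  (reads `lsof -nP` default-column output on stdin)
# Assumed columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [STATE]
triage_listener() {
    awk -v port="$1" '
        $1 == "COMMAND" { next }                  # skip the lsof header
        { row[++n] = $0 }
        # Remember every PID that has a TCP socket listening on the port.
        $8 == "TCP" && $10 == "(LISTEN)" && $9 ~ (":" port "$") { hit[$2] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                split(row[i], f, " ")
                if (!(f[2] in hit)) continue      # other processes are ignored
                if (f[8] == "TCP" && f[10] == "(LISTEN)")
                    print "listen", f[2], f[1], f[9]
                else if (f[8] == "TCP" && index(f[9], "->")) {
                    rport = f[9]; sub(/.*:/, "", rport); rport += 0
                    # Conventional IRC ports (assumption, not from the post).
                    if ((rport >= 6660 && rport <= 6669) || rport == 6697 || rport == 7000)
                        print "irc", f[2], f[1], f[9]
                }
                else if (f[4] == "cwd")           # directory the process runs from
                    print "cwd", f[2], f[1], f[9]
                # Heuristic names for eggdrop config, user and channel files.
                else if (f[5] == "REG" && f[9] ~ /(eggdrop|\.conf$|\.user$|\.chan$)/)
                    print "file", f[2], f[1], f[9]
            }
        }'
}

# Constructed sample input: PIDs, users, paths and addresses are made up.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
sshd     412 root    3u  IPv4   1001      0t0   TCP *:22 (LISTEN)
pk      1234 bob   cwd    DIR    8,1     4096 40961 /home/bob/.pk
pk      1234 bob     3u  IPv4  12345      0t0   TCP *:3333 (LISTEN)
pk      1234 bob     4u  IPv4  12346      0t0   TCP 192.0.2.10:1045->198.51.100.7:6667 (ESTABLISHED)
pk      1234 bob     5r   REG    8,1     2048 40977 /home/bob/.pk/pk.user
irssi   2001 alice   4u  IPv4  13001      0t0   TCP 192.0.2.10:1050->198.51.100.7:6667 (ESTABLISHED)
EOF
}

# On a live host: lsof -nP | triage_listener PORT
sample_lsof | triage_listener 3333
```

A listener with no `irc` line is not cleared by this: the cwd and open files still need a manual look, and lsof output from a compromised host can itself be tampered with.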

