Security Incidents mailing list archives
Re: IRC-bots: what are they for ?
From: tyler () ENJOY-UNIX ORG (tyler)
Date: Wed, 12 Jan 2000 14:03:50 -0700
It never ceases to amaze me how willing crackers are to leave a direct trail to themselves. If you open up the eggdrop's userfile you could get the IP address of the person who cracked you pretty easily.

Anyway, as far as your question goes, it is pretty much a vanity thing. Big "bot-nets" make people feel cool I guess. Backdoors? I wouldn't think so, but it might be a good idea just to portscan yourself really quickly and check out any unusual ports that may be open. Eggdrop requires one port to be open for it I believe. I'm running an eggdrop from my machine and here's what it looks like (information collected with nmap):

5050 open tcp mmcc

So that's a normal port to be open if there is an eggdrop running. Overall, you should be worrying more about securing those cracked machines than figuring out why all those eggdrops are on 'em ;-)

Tyler

Jens Hektor wrote:
> Hi,
>
> is anybody out there who could explain to me why on nearly every cracked machine I get in touch with the crackers have installed IRC-bots, most of the time "eggdrop"?
>
> What practical use can be taken by installing a bot on a cracked machine? Does it give any backdoors to the system (file access, interactive access, monitoring, etc)?
>
> Is such a bot possibly part of a larger communication infrastructure, maybe like the tfn/trinoo/stacheldraht thingie?
>
> In hope for clarification,
> irc-ignorant Jens Hektor
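
The self-portscan check suggested in the message above, as an added example that is not part of the original thread: it parses nmap port lines in the layout quoted in the message and, going beyond it, in the `port/proto` layout of current nmap releases, then reports open ports missing from a per-host baseline. The `BASELINE` set, the function names and both sample scans are assumptions constructed for illustration.

```python
import re

# Assumption: listeners this host is expected to have; adjust per machine.
BASELINE = {(22, "tcp"), (25, "tcp"), (80, "tcp")}

# Layout quoted in the message: "5050 open tcp mmcc"
OLD_FMT = re.compile(r"^(\d+)\s+(\S+)\s+(tcp|udp)\s+(\S+)")
# Layout of current nmap releases: "5050/tcp open mmcc"
NEW_FMT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_open_ports(nmap_text):
    """Return a set of (port, proto, service) for ports reported open."""
    found = set()
    for line in nmap_text.splitlines():
        line = line.strip()
        m = OLD_FMT.match(line)
        if m:
            port, state, proto, service = m.groups()
        else:
            m = NEW_FMT.match(line)
            if not m:
                continue  # header, banner or blank line
            port, proto, state, service = m.groups()
        if state == "open":
            found.add((int(port), proto, service))
    return found


def unexpected_listeners(nmap_text, baseline=BASELINE):
    """Open ports whose (port, proto) pair is not in the baseline."""
    return sorted(p for p in parse_open_ports(nmap_text)
                  if (p[0], p[1]) not in baseline)


# Constructed sample scans (not real output from any host).
SAMPLE_OLD = """\
Port    State       Protocol  Service
22      open        tcp       ssh
80      open        tcp       http
5050    open        tcp       mmcc
"""
SAMPLE_NEW = """\
PORT     STATE  SERVICE
22/tcp   open   ssh
111/tcp  closed rpcbind
5050/tcp open   mmcc
"""

if __name__ == "__main__":
    for name, text in (("old layout", SAMPLE_OLD), ("new layout", SAMPLE_NEW)):
        print(name, unexpected_listeners(text))
```

The service column is nmap's table lookup for the port number, not an identification of the program listening there, which is why the eggdrop in the message shows up as `mmcc`; confirm the owning process on the host itself.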