Re: My sarge box has an IRC bot
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/10/07 11:53, Fran wrote:
> I've been told by my ISP that my sarge webserver (only port 80 open, all
> software up to date) is spewing traffic they're calling IRC_nick, which
> is apparantly some sort of IRC bot.
"IRC_nick" is really ambiguous. What port do they say it's coming from?
I'd also suggest you have a trustworthy friend do a thorough nmap of
your system.
> I'm unable to locate the file/files that are infected. Additionally, I
> can't see the process/processes for the bot when it's running.
>
> chkproc -v does reveal some hidden procs, but before I can kill them,
> they seem to go away.
>
> chkrootkit/rkhunter don't seem to see anything either.
>
> Any other suggestions?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFpT3MS9HxQb37XmcRAqAjAKDImKndXJu8AWKXd9zUM/lDVYIk9gCglMyk
vs1DSU50/AvTf8UI+jSRIRE=
=VBOu
-----END PGP SIGNATURE-----
Reply to: