Educause Security Discussion mailing list archives

Re: IRC, IM Proxy Implementations


From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 8 Sep 2004 12:14:58 -0400

Mark Wilson wrote:

Concerning port 113, regular scans of our network for port 113 have
uncovered many bots.  One "tool" you may wish to use is expect.  I have
written an expect script that telnets into port 113 and performs a <CR>
to get the familiar:

spawn telnet 131.204.x.x 113
Trying 131.204.x.x ...
Connected to 131.204.x.x.
Escape character is '^]'.

 : USERID : UNIX : ggdmlnfa
^]
This confirms PC is Bot-ed.

After scanning port 113, dump the IPs (with port 113 open) to a file.
The expect script reads the IP file to "automate" the process.

Out of curiosity, has anyone tried an nmap -V on these
servers?




--
Gary Flynn
Security Engineer
James Madison University
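
The check Mark Wilson describes above (read a file of addresses with port 113 open, send a bare <CR>, look for a USERID answer), as an added Python example that is not part of the original post or his expect script. The function names and the one-address-per-line file format are assumptions; the test for "no port pair in front of USERID" follows from the RFC 1413 reply format, where a real identd prefixes the queried ports.

```python
import socket
import sys

def parse_ident_reply(raw: bytes):
    """Split an ident (RFC 1413) reply into its colon-separated fields."""
    line = raw.decode("ascii", "replace").strip()
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 4:          # ERROR replies and junk have fewer fields
        return None
    return {"ports": fields[0], "type": fields[1].upper(),
            "opsys": fields[2], "userid": ":".join(fields[3:])}

def looks_like_fake_identd(raw: bytes) -> bool:
    """True when a USERID answer came back with no port pair in front,
    i.e. the listener answered a query that named no connection."""
    reply = parse_ident_reply(raw)
    return bool(reply) and reply["type"] == "USERID" and reply["ports"] == ""

def probe(host, port=113, timeout=5.0):
    """Connect, send a bare CR/LF (no port pair), return the first reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\r\n")
            return s.recv(512)
    except OSError:              # closed, filtered, or silent host
        return b""

def check_hosts(addresses, probe_fn=probe):
    """Probe each address; return {address: userid} for suspicious replies."""
    hits = {}
    for addr in addresses:
        raw = probe_fn(addr)
        if looks_like_fake_identd(raw):
            hits[addr] = parse_ident_reply(raw)["userid"]
    return hits

if __name__ == "__main__":
    # Assumed input: the scan output reduced to one address per line.
    with open(sys.argv[1]) as fh:
        ips = [l.strip() for l in fh if l.strip() and not l.startswith("#")]
    for addr, userid in check_hosts(ips).items():
        print(f"{addr}\tUSERID reply to empty query: {userid}")
```

A hit is a lead for follow-up on the host, and a compliant identd that returns an ERROR line or nothing at all is not reported.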
