Security Basics mailing list archives
Re: irc port open on 6668/tcp and 6667/tcp
From: Mike Dresser <mdresser () windsormachine com>
Date: Tue, 11 Feb 2003 13:08:57 -0500 (EST)
On Tue, 11 Feb 2003, [iso-8859-1] Harish Gondavale wrote:
Hi all, We are having two NT 4 domain controller servers, PDC & BDC. Both are used as resource domain controllers, print and file servers. Same applications like quota manager, hp jet direct software, are installed on both the servers. Recently I was trying nampwin 1.3.1 and found that out of these servers, PDC has open tcp port on 6667 & 6668 for irc. I tried to search some information on internet and found that there are some trojans also, which open these ports.
Well, connect to the port, and see what it says. It could also be your battery backup software if you use APC PowerChute, which uses ports 6667 and 6668 as well If you connect to it and it just sits there stupidly, it's likely powerchute, whereas an IRC server will spit a bunch of text at you. And then there's whatever a trojan would do. But my first check would be for powerchute software. Mike
Current thread:
- Compromised Server Project Hunt, Jim (Feb 10)
- <Possible follow-ups>
- RE: Compromised Server Project Anthony, Shayla (Feb 10)
- RE: Compromised Server Project Shanna Daly (Feb 10)
- irc port open on 6668/tcp and 6667/tcp Harish Gondavale (Feb 11)
- Re: irc port open on 6668/tcp and 6667/tcp Mike Dresser (Feb 12)
- irc port open on 6668/tcp and 6667/tcp Harish Gondavale (Feb 11)
- RE: Compromised Server Project Anders Reed Mohn (Feb 11)
- RE: Compromised Server Project s7726 (Feb 12)
- Re: Compromised Server Project Brian Wojtczak ( Lawyers Online ) (Feb 12)