Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why attacker install irc after hacking?

From: KarMax <karmax () gmail com>
Date: Thu, 20 Apr 2006 21:49:47 -0300
On 4/20/06, Monty Ree <chulmin2 () hotmail com> wrote:

I can't understand
Why attackers installed and executed irc program?


Its a kiddo thing. They "randomly" attack a server, then, after do
some stuff, they install a bouncer (BNC) or an eggdrop (a bot).
Why? well sometimes to presume, other times to spoof they ip address
on the irc server, etc.
Basically they use the BNC (on the compromised host) as a proxy
between he and the irc server ( i.e. chat.freenode.net ).



Why attackers use irc after hacking?


Because they are to0 l33ter and want to presume on the (irc)universe.
That's the most common answer, but there are other reasons.... like be
an asshole.



Just chatting is not...I guess..


No, is not chatting, because they can do "other" things like: set a
funny vhost, avoid being banned (this really depends on the op), use a
bot (eggdrop) to control channels, etc. etc.

Take a look at this 2 links for (basic)definitions:
 http://en.wikipedia.org/wiki/Eggdrop
 http://en.wikipedia.org/wiki/Bouncer_%28IRC%29

Good bye



--
Gonzalo Martinez
Jabber: KarMax () jabber org
Previous By Date Next
Previous By Thread Next

Current thread: