Educause Security Discussion mailing list archives

Re: IRC, IM Proxy Implementations


From: Mike Iglesias <iglesias () DRACO ACS UCI EDU>
Date: Fri, 3 Sep 2004 07:48:28 -0700

I regularly see the IRCd on a non-standard port. I'm currently tracking
botnets using 5555/tcp, 61637/tcp, 19899/tcp, 18067/tcp, 4356/tcp,
13001/tcp, and 65535/tcp. And these are only the non-standard ones I've
seen used in the past 4 days; I've seen many, many more ports used in
the past. Put simply, if you solely are counting on your port filtering
to prevent these worm-bots, you are failing already.

You can add 5432/tcp and 5657/tcp to your list - I've seen those two used in
botnets yesterday.


Mike Iglesias                          Email:       iglesias () draco acs uci edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069
