Educause Security Discussion mailing list archives
Re: IRC, IM Proxy Implementations
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 8 Sep 2004 12:14:58 -0400
Mark Wilson wrote:
Concerning port 113, regular scans of our network for port 113 has uncovered many bots. One "tool" you may wish to use is expect. I have written an expect script that telnets into port 113 and performs a <CR> to get the familiar: spawn telnet 131.204.x.x 113 Trying 131.204.x.x ... Connected to 131.204.x.x. Escape character is '^]'. : USERID : UNIX : ggdmlnfa ^] This confirms PC is Bot-ed. After scanning port 113, dump the IPs (with port 113 open) to a file. The expect script reads the IP file to "automate" the process.
Out of curiosity, has anyone tried an nmap -V on these servers? -- Gary Flynn Security Engineer James Madison University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: IRC, IM Proxy Implementations, (continued)
- Re: IRC, IM Proxy Implementations John Kristoff (Sep 03)
- Re: IRC, IM Proxy Implementations John Kristoff (Sep 03)
- Re: IRC, IM Proxy Implementations H. Morrow Long (Sep 03)
- Re: IRC, IM Proxy Implementations Mike Porter (Sep 05)
- Re: IRC, IM Proxy Implementations Mark Wilson (Sep 08)
- Re: IRC, IM Proxy Implementations Justin Azoff (Sep 08)
- Re: IRC, IM Proxy Implementations Mark Wilson (Sep 08)
- Re: IRC, IM Proxy Implementations Hearn, David L. (Sep 08)
- Re: IRC, IM Proxy Implementations Daniel Adinolfi (Sep 08)
- Re: IRC, IM Proxy Implementations Richard Gadsden (Sep 08)
- Re: IRC, IM Proxy Implementations Gary Flynn (Sep 08)
- Re: IRC, IM Proxy Implementations Mark Wilson (Sep 08)
- Re: IRC, IM Proxy Implementations Justin Azoff (Sep 08)
- Re: IRC, IM Proxy Implementations H. Morrow Long (Sep 08)
- Re: IRC, IM Proxy Implementations Herrera Reyna Omar (Sep 08)
- Re: IRC, IM Proxy Implementations Eric Pancer (Sep 08)
- Re: IRC, IM Proxy Implementations Gary Flynn (Sep 08)
- Re: IRC, IM Proxy Implementations H. Morrow Long (Sep 08)
- Re: IRC, IM Proxy Implementations Mark Wilson (Sep 08)