Security Incidents mailing list archives

Re: IRC-bots: what are they for ?


From: filipg () CORONA EPS PITT EDU (Filip M. Gieszczykiewicz)
Date: Wed, 12 Jan 2000 19:18:42 -0500


On Wed, 12 Jan 2000, Jens Hektor wrote:
> Is anybody out there who could explain to me why on nearly
> every cracked machine I get in touch with the crackers
> have installed IRC-bots, most of the time "eggdrop"?
> What practical use can be taken by installing a bot on a cracked machine?
> Does it give any backdoors to the system (file access,
> interactive access, monitoring, etc.)?
> Is such a bot possibly part of a larger communication
> infrastructure, maybe like the tfn/trinoo/stacheldraht
> thingie?

How else does Joe Skrip'kiddie let his buddies know (and be able to
prove!) that he rooted said machine?

It's primarily a peeing contest.

Speaking of a recent host to 2 IRC bots (and all that's implied) we now
have nixed in.ftpd and in.telnetd from our main servers and are running
sshd2/sshd1 exclusively. We will eventually have an 'insecure' telnet/ftp
site that will then ssh2 into the rest of the dept. Lesson learned!

Cheers,
Filip G.

Filip "I'll buy a vowel" Gieszczykiewicz  |  http://www.repairfaq.org/
                                             (filipg () corona eps pitt edu)
I am the river itself and the leaf floating its currents.
I am steering. I am swept. I am.

