Security Incidents mailing list archives
Re: IRC-bots: what are they for ?
From: filipg () CORONA EPS PITT EDU (Filip M. Gieszczykiewicz)
Date: Wed, 12 Jan 2000 19:18:42 -0500

On Wed, 12 Jan 2000, Jens Hektor wrote:
> Is anybody out there who could explain to me why on nearly every cracked
> machine I get in touch with the crackers have installed IRC-bots, most of
> the time "eggdrop"? What practical use can be taken by installing a bot on
> a cracked machine? Does it give any backdoors to the system (file access,
> interactive access, monitoring, etc.)? Is such a bot possibly part of a
> larger communication infrastructure, maybe like the tfn/trinoo/stacheldraht
> thingie?

How else does Joe Skrip'kiddie let his buddies know (and be able to prove!) that he rooted said machine? It's primarily a peeing contest.

Speaking of a recent host to 2 IRC bots (and all that's implied) we now have nixed in.ftpd and in.telnetd from our main servers and are running sshd2/sshd1 exclusively. We will eventually have an 'insecure' telnet/ftp site that will then ssh2 into the rest of the dept. Lesson learned!

Cheers,
Filip G.

Filip "I'll buy a vowel" Gieszczykiewicz | http://www.repairfaq.org/
(filipg () corona eps pitt edu)
I am the river itself and the leaf floating its currents. I am steering. I am swept. I am.