Security Incidents mailing list archives
Re: SSH probe attack afoot?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 08 Feb 2005 20:28:21 +0000
On Tue, 2005-02-08 at 18:25 +0000, Joe Egloff wrote:
In-Reply-To: <42089361.1010203 () yahoo com sg> Matter of fact I did, but the amount of hosts is increasing. I'm currently assuming, that there some sort race going on. Seems like one or more groups trying to "expand" their bot nets. Why bot nets? Well, on most of the systems I checked I found that the IRC ports are open or on other ports some IRC alike service is running.
bots as part of botnets don't generally setup IRC servers on their hosts. They instead connect to an existing IRC server and join a meeting point channel to be controlled, with single commands. Slightly hard to control them if they all live on separate servers and you have to connect to each individually. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue blog: http://zeedo.blogspot.com site: http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: SSH probe attack afoot?, (continued)
- Re: SSH probe attack afoot? j lake (Feb 08)
- Re: SSH probe attack afoot? Jeffrey Goldberg (Feb 12)
- Re: SSH probe attack afoot? Stephen J. Smoogen (Feb 12)
- Re: SSH probe attack afoot? Jeffrey Goldberg (Feb 16)
- Re: SSH probe attack afoot? Joe Egloff (Feb 07)
- Re: SSH probe attack afoot? naverxp (Feb 08)
- Re: SSH probe attack afoot? Tim (Feb 08)
- Re: SSH probe attack afoot? Frank Knobbe (Feb 08)
- Re: SSH probe attack afoot? Matt Fisher (Feb 09)
- Re: SSH probe attack afoot? naverxp (Feb 08)
- Re: SSH probe attack afoot? Joe Egloff (Feb 08)
- Re: SSH probe attack afoot? Barrie Dempster (Feb 08)
- Re: SSH probe attack afoot? j () 65535 com (Feb 09)
- Chinese HTTP ACKs David Gillett (Feb 09)
- Re: Chinese HTTP ACKs Frank Knobbe (Feb 09)
- Re: SSH probe attack afoot? Barrie Dempster (Feb 08)