Brice et al: You might find this interesting: http://www.lockdowncorp.com/bots/gtbot.html This is about the GT (Global Threat) bot, and goes into great detail about how IRC bot are set up on host computers. Somewhere in there is a discussion of joining a server with no channels but mass users signed on, I think... Also, you might check your system for the presence of the files it lists.. ;-) HTH.. - John Brice Carlson wrote: > Yes, matter of fact i have and i can tell you why... Recently i was > bored. So i decided to delete alot my virus scanner, firewalls, and my > IDS. And i also opened up my file and print shares.(running windows95) > With in 15 minutes I could no longer surf the net. I am running a > 28.8(Don't give me this 56ks are cheap talk) So i opened up file/search > i had some new *programs* on my computer. It scans for subseven. I also > noticed that i had a connection on port 6667 (irc) Ip address > 66.26.92.28. But anyways i tried connecting to this server. i did and... > There was NO Channels. but like 324 users on it... So i'm imagining that > is 324 compromised systems(?) I also let the program run a while (sorry > guys) to find out if someone would connect over Subseven. no one ever > did though, even though i had it on my system. I still have all the > programs on this system i just have a firewall not letting them get > through. If anyone wanted to look into the programs that i have... I'd > be happy to send them the files. Just send me an email. One of them is > the program that they use to communicate to the IRC channel and you very > well know the other. > > Brice Carlson > > >> >> Anyone notice an increase in port scans to 27374 in the last week? I >> noticed several, all from different addresses. >> >> Leon >> >> ---------------------------------------------------------------------------- >> >> This list is provided by the SecurityFocus ARIS analyzer service. >> For more information on this free incident handling, management >> and tracking system please see: http://aris.securityfocus.com >> > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > > ---------------------------------------------------------------------------- > > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management and > tracking system please see: http://aris.securityfocus.com > > > -- John Sage FinchHaven, Vashon Island, WA, USA http://www.finchhaven.com/ mailto:jsageat_private "The web is so, like, five minutes ago..." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 10:16:30 PST