You appear to have been infected with one of a variety of Trojans - like BO, NetBus, Sub7, etc. Can't tell from the ports you show, since many of the trojans are configurable for responses, U@H values when connecting to IRC, listening ports, etc. I've seen that same thing from the IRCAdmin side of the equation many times. We used to set up in the "target" channel and wait for the organic to show up and claim it's bots. Unfortunately, even when we'd dealt with him, we'd often see stragglers from his botnet for weeks to come. Advice - get some scanning software appropriate for your OS (Sorry, no recommendation - I'm an *IX guy) and find the trojan. Mike Parkin Cisco Systems, Inc. Information Security SysAdmin/NetAdmin ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 13:12:55 PDT