---------------Quote------------------------ Bombing %s, port %d Unknown host: %s Syntax: ./hell host port Port can be any port, any of them work equally well FUCKER!!!! su-2.02# -------------------------------------------- This, if my memory serves correct, is a packeter once called "modembomber", circa 1996. Quite old (and quite powerful), and I didn't think it'll still be in use (Google it for source code). Check your logs to see if massive outgoing traffic from your server. Perhaps a few minutes before the attacker logged into your server to execute that bomber. There used to be an addon script to mIRC where it would automatically login to a server and execute it to attack IRC users. Many script kiddies were caught this way since their IP was logged right before the packeting started. As for how they got in, don't know. Have you chrootkit'd? Hopefully this isn't a pre-text to Sunday's olympiads... ~~ Timmothy C. Posey Information System Engineer OutdoorDecor.com http://www.outdoordecor.com timmothy.poseyat_private 205.345.1103 ext. 106 ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jul 03 2003 - 11:09:59 PDT