Michael Whitman on Wed, 28 Jun 2000 09:49:10 -0400 (EDT)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] my wacko email server

My email server went crazy last night, according to my isp, sending something lik 3000 packets every 2 seconds to ip address 216.87.212.162. Doing a grep on that address I got this response /home/squ/.bash_history:./stealth 216.87.212.162 7

Here is the content of that file... looks loke bnc (an IRC program I think) was installed - what is stealth?

Looks like i was hacked? Any help with interpreting what went on would be appreciated.

w
w
w
ftp
l
w
ls
ftp
gcc -o stealth stealth.c
./stealth 207.202.129.211 1234
./stealth 206.161.205.30 225
ls
./stealth 207.179.81.70 6668
ls
./stealth 204.156.12.50 6667
./stealth 192.114.47.10 6667
ls
./stealth 213.9.19.30 6668
./stealth 204.126.2.47 1
./stealth 216.123.178.4 1
ls
w
lynx http://ftp.loxinfo.co.th/pub/unix/irc/bnc2.6.2.tar.gz
ls
gunzip bnc2.6.2.tar.gz
tar -vxf bnc2.6.2.tar
cd bnc2.6.2
make
pico example.conf
./bnc example.conf
ls
./stealth 216.87.212.162 7

-Mike


Michael P. Whitman
Programmer
LAW.com



mailto:michaelw@palawnet.com


______________________________________________________________________
Philadelphia Linux Users Group       -       http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion   -   http://lists.nothinbut.net/mail/listinfo/plug