IRC Bot Detection

critical Nessus Plugin ID 18392

Synopsis

The remote host has been compromised.

Description

This host seems to be running an ident server, but before any request is sent, the server gives an answer about a connection to port 6667.

It is very likely this system has been compromised by an IRC bot and is now a 'zombie' that can participate in 'distributed denial of service' (DDoS) attacks.
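The check this description implies, as an added example (not the plugin's own NASL code): connect to the ident port, send nothing, and flag any RFC 1413-style reply that names port 6667. The function names, the 5-second wait and the sample replies are assumptions made for this illustration.

```python
import re
import socket

IRC_PORT = 6667  # port named in the plugin description

# RFC 1413 reply line: "<port> , <port> : USERID : <opsys> : <user>"
# or "<port> , <port> : ERROR : <error-type>"
IDENT_REPLY = re.compile(
    rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*?)\s*$"
)

def classify_unsolicited(data: bytes) -> str:
    """Classify bytes received from the ident port before any query was sent."""
    if not data:
        return "silent"  # expected: an ident server waits for a query
    for line in data.splitlines():
        m = IDENT_REPLY.match(line)
        if m and IRC_PORT in (int(m.group(1)), int(m.group(2))):
            return "suspicious"  # unsolicited reply about a port-6667 connection
    return "unsolicited-other"  # some banner, but not the pattern described

def probe(host: str, port: int = 113, wait: float = 5.0) -> str:
    """Connect, send nothing, and classify whatever arrives within `wait` seconds."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""  # nothing volunteered by the server
    return classify_unsolicited(data)

# Constructed sample inputs (not captured from a real host).
SAMPLES = [
    b"",
    b"1034 , 6667 : USERID : UNIX : zkfp\r\n",
    b"1034 , 80 : USERID : UNIX : bob\r\n",
    b"220 mail.example.test ESMTP ready\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", classify_unsolicited(sample))
```

Run `probe()` only against hosts you administer; a "suspicious" result is a lead for host-level investigation, not proof of compromise.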

Solution

Disinfect or re-install your system.

Plugin Details

Severity: Critical

ID: 18392

File Name: ident_backdoor2.nasl

Version: 1.10

Type: remote

Family: Backdoors

Published: 5/29/2005

Updated: 1/25/2013

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C