IRC Bot ident Server Detection

critical Nessus Plugin ID 14841

Language:

Synopsis

The remote host has been compromised.

Description

This host seems to be running an ident server, but the ident server responds to an empty query with a random userid. This behavior may be indicative of an IRC bot, worm and/or virus infection. It is very likely this system has been compromised.

Solution

Disinfect or re-install the remote system.

Plugin Details

Severity: Critical

ID: 14841

File Name: ident_backdoor.nasl

Version: Revision: 1.14

Type: remote

Family: Backdoors

Published: 9/28/2004

Updated: 1/25/2013

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Detections

Analytics