IRC Bot ident Server Detection

Critical Nessus Plugin ID 14841


The remote host has been compromised.


This host seems to be running an ident server, but the ident server responds to an empty query with a random userid. This behavior may be indicative of an IRC bot, worm and/or virus infection. It is very likely this system has been compromised.


Disinfect or re-install the remote system.

Plugin Details

Severity: Critical

ID: 14841

File Name: ident_backdoor.nasl

Version: Revision: 1.14

Type: remote

Family: Backdoors

Published: 2004/09/28

Modified: 2013/01/25

Dependencies: 17975

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C