IRC Bot Detection

Critical Nessus Plugin ID 18392


The remote host has been compromised.


This host seems to be running an ident server, but before any request is sent, the server gives an answer about a connection to port 6667.

It is very likely this system has been compromised by an IRC bot and is now a 'zombie' that can participate in 'distributed denial of service' (DDoS) attacks.


Disinfect or re-install your system.

Plugin Details

Severity: Critical

ID: 18392

File Name: ident_backdoor2.nasl

Version: $Revision: 1.10 $

Type: remote

Family: Backdoors

Published: 2005/05/29

Modified: 2013/01/25

Dependencies: 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C