Generic Botnet Server Detection (disconnect) (deprecated)

critical Nessus Network Monitor Plugin ID 3149
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host has been compromised and is running a 'backdoor' program.

Description

The remote host appears to be running a machine that is being used to control a botnet. A botnet is a network of compromised computers that are remotely controlled by a malicious bot administrator. Botnets are commonly used for
sending spam
running Denial of Service (DoS) attacks against other networks
scanning and compromising new systems
Installing sniffers
Installing keyloggers
Identify theft

Solution

Manually inspect the machine for malicious processes. In addition, you may wish to consider installing security software that detects and blocks this sort of malicious software.

See Also

http://www.honeynet.org/papers/bots

Plugin Details

Severity: Critical

ID: 3149

Family: IRC Servers

Published: 7/27/2005

Updated: 1/15/2016

Dependencies: 3107