Generic IRC Client Detection / Generic Botnet Detection

Info Nessus Network Monitor Plugin ID 4440

Synopsis

The remote host is running an IRC client.

Description

The remote host appears to be running a machine that has installed an IRC client. IRC is a protocol for messaging. In many cases, IRC is used for botnet C&C traffic.

Solution

Manually inspect the machine for malicious processes to ensure that the IRC traffic is innocuous in nature.

See Also

http://tools.ietf.org/html/rfc2812

Plugin Details

Severity: Info

ID: 4440

Family: IRC Clients

Published: 2008/03/20

Modified: 2015/06/01

Risk Information

Risk Factor: Info