Re: Found, a new rootkit

On Friday 31 March 2006 14:08, Jacques B. wrote:
We've cut our bandwidth use in half by getting rid of that. We
also checked the logs and added several dozen more addresses
to /etc/hosts.deny, including many script based password guess
attempts that didn't get in. And put portsentry in its most
paranoid anal mode with a few additions yet.

Might have been set up to host a botnet. A hacker will set up a rogue
IRC server and then point his army of infected bots to it for
instructions. So you'll find a channel with thousands of users in a
room, but nobody talking. What you have are all infected machines
monitoring the channel for commands from the hacker. This gives the
hacker a few layers of protection so very, very difficult to catch.
They use these botnets to distribute spam, launch DDOS, or whatever
else their imagination came come up with. Either of those would
contribute to an increase in bandwidth usage.

Humm, we were in fact subjected to a DDOS attack early last sunday
morning, which lead to the traffic servers demise & rebuild.
Got us listed at spamcop & our mail died.

Jacques B.

--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list