Re: IRC -> smtp worm?
From: H C (keydet89@yahoo.com)
Date: 12/18/02
- Previous message: Ţórhallur Hálfdánarson: "Re: IRC -> smtp worm?"
- In reply to: Joao Gouveia: "IRC -> smtp worm?"
- Next in thread: Eric Chien: "Re: IRC -> smtp worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Dec 2002 08:00:37 -0800 (PST) From: H C <keydet89@yahoo.com> To: incidents@securityfocus.com
> Is anyone aware of some kind of IRC worm that uses
> SMTP servers to act
> as a spy client or something like that?
I'm not sure what you mean by this. After all, why
would an IRC worm need SMTP capability? If the worm
causes the compromise system to connect to an IRC
channel, why would SMTP capability be needed?
> Not that i consider this a serious issue ( from the
> server side of
> course ), but I'm curious on what's causing this
> behaviour.
If you really are curious as to what is causing this
behaviour, I would suggest that you go back to your
IDS and identify the specific systems from which this
traffic originates, and then investigate those
systems. Since you say that this traffic has been
picked up by your IDS, it's just common sense that the
sources of the traffic should be investigated.
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Next message: Eric Chien: "Re: IRC -> smtp worm?"
- Previous message: Ţórhallur Hálfdánarson: "Re: IRC -> smtp worm?"
- In reply to: Joao Gouveia: "IRC -> smtp worm?"
- Next in thread: Eric Chien: "Re: IRC -> smtp worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
