Re: IRC bot?

From: Carlos Eduardo Pinheiro (cabeca_at_phreaker.net)
Date: 09/16/03

  • Next message: Florian Stark: "Re: IRC bot?" 
    To: "Bryan Miller" <BMiller@sycomtech.com>
Date: Tue, 16 Sep 2003 13:12:46 -0300

    That "W4A" string probably mean "warez for(4) all" and it may be something
    like a IRC Bot serving files for download or something like that, and that
    opened port is for administration like an eggdrop, well, a googled for it
    and found nothing and i never seen it before...
    That "220" replies act like an FTP server..very strange.. you should take a
    closer look at that machine.. good luck..

    Carlos Eduardo Pinheiro - cabeca@gmx.net - ICQ#: 134439332

    ----- Original Message -----
    From: "Bryan Miller" <BMiller@sycomtech.com>
    To: <pen-test@securityfocus.com>
    Sent: Tuesday, September 16, 2003 12:33 AM
    Subject: IRC bot?

    > During a pen test yesterday I came across TCP port 6501. Upon connecting
    to it via Netcat, I received the following screen:
    >
    > 220-W4A BotServ 2.0
    > 220-==============================================
    > 220-You are Connecting From x.x.x.x
    > 220-The Local time is 23:20:03,
    > 220-14 users have visited in the last 24 hours.
    > 220-This server has been running for
    > 220-39 Days, 13 Hours, 28 Mins, 6 Secs
    > 220-==============================================
    > 220-Amout of Logins Since Server Started: 0 total
    > 220-Logged in Users: 1
    > 220-Total Kb downloaded: 0 Kb
    > 220-Total Kb uploaded: 0 Kb
    > 220-Amout of Files downloaded: 0
    > 220-Amout of Files uploaded: 0
    > 220-Average Speed: 0.000 Kb/sec
    > 220-Current Speed: 0.000 Kb/sec
    > 220-Free Disk Space: 187.18 MB
    > 220 ==============================================
    >
    > Has anyone seen this before? Am I correct in assuming it's some form of
    IRC bot? If so, how do I talk to it to verify? Does it have some
    interesting uses?
    >

    ---------------------------------------------------------------------------
    FREE Trial!
    New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
    and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
    technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
    ----------------------------------------------------------------------------

  • Next message: Florian Stark: "Re: IRC bot?"