Re: Port 6667 & 10.0.1.128/1.1.1.1/1.3.3.7

From: Mimic (null_at_void.net)
Date: 09/19/03


Date: Fri, 19 Sep 2003 16:33:47 +0100


"ex-Zephion" <dl1west-nospam@yahoo.com> wrote in message
news:3F69CFF6.EC6426BD@yahoo.com...
> Hello,
>
> I'm seeing a lot of traffic trying to leave my firewall destined for
> port 6667 at the IPs 10.0.1.128, 10.10.10.10, 1.1.1.1 and 1.3.3.7
> (sounds like l337/elite to me :-).
>
> Yes - I know the 10.x.x.x traffic isn't going too far.... RFC1918, etc,
> etc.
>
> Various Google searches and searches on the various A/V sites haven't
> turned up a definite answer - just more questions about the same thing.
>
> Can anyone clue me in to the exact trojan/worm/virus this may be and/or
> if they're seeing the same kind of traffic.
>
> Any insight is appreciated....
>
> Thanks.
>
> B
>

6667 is generally an IRC server, so maybe its an IRC spread worm ?
if you run irc, you could check to see if theres anything (scripts) funny in
your irc dir i guess

--
Mimic
"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"


Relevant Pages

  • Re: Port 6667 & 10.0.1.128/1.1.1.1/1.3.3.7
    ... > Various Google searches and searches on the various A/V sites haven't ... 6667 is generally an IRC server, so maybe its an IRC spread worm? ... you could check to see if theres anything funny in ... "Without Knowledge you have fear, With fear you create your own nightmares." ...
    (comp.security.firewalls)
  • Re: #pick chat on freenode has moved
    ... how many MV people have ever used IRC or do so on a regular basis. ... understanding is that Google provides everything, ... participation grew after browsers provided a view of the data and I ... I frequently offer help in several FreeNode channels so I idle ...
    (comp.databases.pick)
  • Re: Google Bobbles NSA wiretap searches
    ... You can look for encrypted irc on google. ... And on the point of commercialism, I am going for a very niche market. ... profess and whom I know from personal experience to have similar integrity ...
    (comp.os.linux.security)
  • Deleting an installed Autoconf ?
    ... (google is not what is used to be for some reason). ... and that installation is about 111mb... ... #DJGPP channel. ... IRC is a real-time chat environment. ...
    (comp.os.msdos.djgpp)
  • Re: Google Groups is the Enemy? (was: Re: YAAD)
    ... So this does not make Google Groups the enemy but my only ... You've listed a lot of reasons why Google is convenient, ... But er, if irc is for people with short attention spans, what should ...
    (rec.games.roguelike.nethack)