From: Carlos Eduardo Pinheiro (cabeca@phreaker.net)
Date: Tue Sep 16 2003 - 12:12:46 EDT
That "W4A" string probably means "warez for(4) all" and it may be something
like an IRC bot serving files for download or something like that, and that
open port is for administration like an eggdrop. Well, I googled for it
and found nothing and I have never seen it before...
Those "220" replies act like an FTP server.. very strange.. you should take a
closer look at that machine.. good luck..
Carlos Eduardo Pinheiro - cabeca@gmx.net - ICQ#: 134439332
----- Original Message -----
From: "Bryan Miller" <BMiller@sycomtech.com>
To: <pen-test@securityfocus.com>
Sent: Tuesday, September 16, 2003 12:33 AM
Subject: IRC bot?
> During a pen test yesterday I came across TCP port 6501. Upon connecting
> to it via Netcat, I received the following screen:
>
> 220-W4A BotServ 2.0
> 220-==============================================
> 220-You are Connecting From x.x.x.x
> 220-The Local time is 23:20:03,
> 220-14 users have visited in the last 24 hours.
> 220-This server has been running for
> 220-39 Days, 13 Hours, 28 Mins, 6 Secs
> 220-==============================================
> 220-Amout of Logins Since Server Started: 0 total
> 220-Logged in Users: 1
> 220-Total Kb downloaded: 0 Kb
> 220-Total Kb uploaded: 0 Kb
> 220-Amout of Files downloaded: 0
> 220-Amout of Files uploaded: 0
> 220-Average Speed: 0.000 Kb/sec
> 220-Current Speed: 0.000 Kb/sec
> 220-Free Disk Space: 187.18 MB
> 220 ==============================================
>
> Has anyone seen this before? Am I correct in assuming it's some form of
> IRC bot? If so, how do I talk to it to verify? Does it have some
> interesting uses?
>
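
The observation in the reply that the "220" lines behave like an FTP greeting can be checked by parsing the capture as an RFC 959 multi-line reply. This is an added example, not part of the original thread; `parse_ftp_reply` and `triage` are hypothetical names, and the sample input is the quoted banner, abridged.

```python
import re

# Sample input: the banner quoted in the post, abridged (Netcat capture, TCP 6501).
BANNER = """\
220-W4A BotServ 2.0
220-==============================================
220-You are Connecting From x.x.x.x
220-The Local time is 23:20:03,
220-Logged in Users: 1
220-Total Kb uploaded: 0 Kb
220-Free Disk Space: 187.18 MB
220 ==============================================
"""

def parse_ftp_reply(raw):
    """Parse one RFC 959 reply: 'NNN-' lines continue it, 'NNN ' ends it."""
    lines = raw.splitlines()
    m = re.match(r"(\d{3})[- ]", lines[0]) if lines else None
    if not m:
        raise ValueError("not an FTP-style reply")
    code, text = m.group(1), []
    for line in lines:
        if line.startswith(code + " "):      # final line of the reply
            text.append(line[4:])
            return int(code), text
        # continuation line; RFC 959 also allows unprefixed lines in between
        text.append(line[4:] if line.startswith(code + "-") else line)
    raise ValueError("reply never terminated with an 'NNN ' line")

def triage(raw, port):
    """Summarise a captured greeting for an assessment report."""
    code, text = parse_ftp_reply(raw)
    fields = {}
    for t in text:
        key, sep, val = t.partition(": ")    # 'Name: value' statistics lines
        if sep:
            fields[key.strip()] = val.strip()
    return {
        "code": code,
        "product": text[0].strip(),
        "service_ready": code == 220,        # 220 is the FTP "service ready" greeting
        "nonstandard_port": port != 21,      # FTP control channel is normally TCP 21
        "fields": fields,
    }

if __name__ == "__main__":
    print(triage(BANNER, 6501))
```
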
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT