General discussion

Locked

Possible illegal access on your server!!

By julioairizar ·
Hi:
The tittle of the question is the tittle of the e-mail message received by one of my friends who is an administrator(no network admin) in one little non-goberment organization, where network admin resigned his job few days ago. My friend ask mefor help, but the server is running Linux and I dont know nothing about this O.S. The message content was:
"Somebody from Romania is using some IRC software on your server!!!!!
PsyBNC or Proxy for IRC!!!!! This is very dangerouos!!This may causeflooding or DOS attacs!!!

[06:31] * Looking up 206.29.150.55
-
[06:31] * Resolved 206.29.150.55 to dsl-206.29.150-pool-55.cwpanama.net
-this is on UNDERNET IRC.
Please check your system." Question: What we can do about this? How we can check if this is true and in this case eliminate the threat? Thanks in advance.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Possible illegal access on your server!!

by Joseph Moore In reply to Possible illegal access o ...

Look for processes running on your Linux box that you do not realize. Also, you could do a port scan against the Linux machine, to see if an IRC port is open on it. Many of the major port scanners (like my favorite, NMAP) will identify the most common usage of an open port. But something like IRC could run on any port, so it is not foolproof. But a port scan will tell you what ports are open, and you can then decide IF the ports you see open should be open!

Something else to keep in mind, after you analyze your server, is that this could just be a hoax e-mail. Don't assume that yet, but don't also forget this point.

hope this helps

Collapse -

Possible illegal access on your server!!

by julioairizar In reply to Possible illegal access o ...

Poster rated this answer

Collapse -

Possible illegal access on your server!!

by julioairizar In reply to Possible illegal access o ...

This question was closed by the author

Back to Linux Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums