 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 95
 Members: 0
 Total: 95
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Need some advice |
|
 Posted: Sat Sep 24, 2005 10:08 pm |
 |
|
| darkclaw |
| Regular user |
 |
|
| Joined: Aug 04, 2005 |
| Posts: 14 |
|
|
|
 |
|
 |
|
Hello!
There is a guy whois using some shells to DoS my UO server.
He is using a BNC on IRC:
C4nt1 is ~FullT@yl27hlvL2ak.211.233.12.O
How do I contact the owner of that network so they can fix their computer?
He is using some shellbot script written in Perl by Atrix Team, its a brazilian group.
You can take a look at script in: http://www.atrix-team.org/files/shellbot
And in the BNC here: http://www.atrix-team.org/files/Atrix_BNC-1.7.tgz
How to avoid being DoSsed?
Thanks! |
|
|
|
|
| Posted: Fri Sep 30, 2005 1:31 am |
|
|
| UrlGuy |
| Regular user |
|
|
| Joined: Jul 20, 2005 |
| Posts: 16 |
| Location: Norway |
|
|
|
|
|
|
whois.sc/ip
if you meant 211.233.12.0 as IP its owner is "Korea Internet Data Center Inc" abuse: hostmaster@nic.or.kr .
You can customise some rules with Snort to avoid some DoS'.  |
|
|
|
|
|
Re: Need some advice |
|
| Posted: Wed Oct 05, 2005 5:08 pm |
|
|
| LINUX |
| Moderator |
 |
|
| Joined: May 24, 2004 |
| Posts: 404 |
| Location: Caiman |
|
|
|
|
|
|
| darkclaw wrote: | Hello!
There is a guy whois using some shells to DoS my UO server.
He is using a BNC on IRC:
C4nt1 is ~FullT@yl27hlvL2ak.211.233.12.O
How do I contact the owner of that network so they can fix their computer?
He is using some shellbot script written in Perl by Atrix Team, its a brazilian group.
You can take a look at script in: http://www.atrix-team.org/files/shellbot
And in the BNC here: http://www.atrix-team.org/files/Atrix_BNC-1.7.tgz
How to avoid being DoSsed?
Thanks! |
correct is normal this, you server have one vul permit attacker run BNC or shell bot for run commands in one irc server (spam, bnc for anonymous, ddos attack, and much more)
paste here uname -a, look ports 1666 9865 4561 44464 66666 brasilian like run this backdoors, disable perl for nobody user, and look what process running |
|
|
|
|
|
|
|
|
| Posted: Sat Oct 08, 2005 10:13 pm |
|
|
| darkclaw |
| Regular user |
|
|
| Joined: Aug 04, 2005 |
| Posts: 14 |
|
|
|
|
|
|
|
Sorry Linux but i didn't understand a word you said.
I don't have access to the computer that guy is using, I wanted to contact their administrator so they can fix it. I told some guy is using "ghost" computers do DoS my UO Server, who is Windows 2003 based.
I have never used Snort. I will try that.
Thanks. |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
