#1  
Old 3rd July 2008, 13:38
Niekoesj Niekoesj is offline
Junior Member
 
Join Date: Oct 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy Strange IRC Connections

Hi there!

I've got some several problems with a linux installation.
When i hit the netstat -tap command, i see several connections like "IRC" Connections.

I'm afraid that im hit by a bot or some kind of virus.
What can i do? I runned Rootkithunter several times but it found nothing.

tcp 0 52 s1.xxx.com:52631 punch.va.us.dal.net:ircd LAST_ACK -
tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -
tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -

These connections are incomming. And my bandwith is increasing to 1GB !
What can i do to stop this maddness? I'm Sorry for my bad english!
Reply With Quote
Sponsored Links
  #2  
Old 3rd July 2008, 14:02
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,033
Thanks: 261
Thanked 150 Times in 130 Posts
Default

Quote:
Originally Posted by Niekoesj View Post
Hi there!

I've got some several problems with a linux installation.
When i hit the netstat -tap command, i see several connections like "IRC" Connections.

I'm afraid that im hit by a bot or some kind of virus.
What can i do? I runned Rootkithunter several times but it found nothing.

tcp 0 52 s1.xxx.com:52631 punch.va.us.dal.net:ircd LAST_ACK -
tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -
tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -

These connections are incomming. And my bandwith is increasing to 1GB !
What can i do to stop this maddness? I'm Sorry for my bad english!

Looks to me that your system has been hacked, and used as a "zombie" system.
Did you update rootkithunter (rkhunter --update) when you did the scan?
__________________
Never execute code written on a Friday or a Monday.
Reply With Quote
  #3  
Old 3rd July 2008, 14:05
Niekoesj Niekoesj is offline
Junior Member
 
Join Date: Oct 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes i updated it fully before scanning!

Is there a way to find out what it is and where the file or script is hiding?
Reply With Quote
  #4  
Old 3rd July 2008, 14:29
Niekoesj Niekoesj is offline
Junior Member
 
Join Date: Oct 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Hmm i found some scripts (PERL)

psy.tar.gz
zoals socks.tgz,
tengkorakcrew.txt

and more just deleted it!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange problem with Firefox and PHP after update of ISPconfig heinerlamprecht Installation/Configuration 3 10th October 2008 14:23
smtp connections to nameservers IP kyriakos Server Operation 10 16th February 2007 18:14
how to limit connections from unique ip? lyndros Installation/Configuration 1 17th November 2006 14:56
Strange FTP issue pucko Installation/Configuration 4 23rd August 2006 19:26
strange characters in blog m u r Installation/Configuration 4 17th March 2006 13:18


All times are GMT +2. The time now is 05:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.