Strange IRC Connections

Discussion in 'Server Operation' started by Niekoesj, Jul 3, 2008.

  1. Niekoesj

    Niekoesj New Member

    Hi there!

    I've got some several problems with a linux installation.
    When i hit the netstat -tap command, i see several connections like "IRC" Connections.

    I'm afraid that im hit by a bot or some kind of virus.
    What can i do? I runned Rootkithunter several times but it found nothing.

    tcp 0 52 s1.xxx.com:52631 punch.va.us.dal.net:ircd LAST_ACK -
    tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -
    tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -

    These connections are incomming. And my bandwith is increasing to 1GB !
    What can i do to stop this maddness? I'm Sorry for my bad english! :)
     
  2. edge

    edge HowtoForge Supporter


    Looks to me that your system has been hacked, and used as a "zombie" system.
    Did you update rootkithunter (rkhunter --update) when you did the scan?
     
  3. Niekoesj

    Niekoesj New Member

    Yes i updated it fully before scanning!

    Is there a way to find out what it is and where the file or script is hiding?
     
  4. Niekoesj

    Niekoesj New Member

    Hmm i found some scripts (PERL)

    psy.tar.gz
    zoals socks.tgz,
    tengkorakcrew.txt

    and more :( just deleted it!
     

Share This Page