really, really weird... need reply
unhappyStar_7
June 24th, 2003, 12:36 AM
You may remember my problem from before. This is another, really weird chapter. I've recently been assigned to administer a 24-workstation inter-office network; all NT & 2000. One of my users has been visiting amateur cracking sites and browsing the internet on company time way too much. He's also downloaded 'netcat', the Windows version of 'john the ripper' & YAPS (shitty Windows port scanner). Before I did anything I wanted to see more "not-so-cool" activity. I wanted him to do something... back to that later.
The company public web site hasn't been contracted out to my company. Instead the PR dep. recruited a "web design" company which also hosts the server. Even though this is not my job, I decided to "nmap" the machine. Here are the results w/ the "-sS -O" options!
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
113/tcp open auth
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
143/tcp open imap2
144/tcp open news
161/tcp filtered snmp
306/tcp open unknown
307/tcp open unknown
443/tcp open https
513/tcp open login
514/tcp open shell
543/tcp open klogin
544/tcp open kshell
1112/tcp filtered msql
2105/tcp open eklogin
3333/tcp filtered dec-notes
4333/tcp filtered msql
5000/tcp filtered fics
6666/tcp filtered irc-serv
6667/tcp filtered irc
6668/tcp filtered irc
7000/tcp filtered afs3-fileserver
7001/tcp filtered afs3-callback
7007/tcp filtered afs3-bos
31337/tcp filtered Elite
First of all the box confuses the hell out of nmap's OS detection. But I'd think it's a safe bet it's a *nix system. Is this system hacked? Look at the damn 31337 port open, it's even named Elite. Why is IRC running on this company system... any advice?
waverebel
June 24th, 2003, 12:50 AM
The best way to find out is simply to ask them, say that you were following up on suspicious activity. Also if you think it is one of your users that has done this then you have a responsibility to inform them asap.
I feel I should point out gathering some proof may be a good idea, you should look at your proxy/firewall logs (if the box is outside your network), as the downloading of some cracking tools is merely circumstantial.
Sorry I can't give you a good analysis of the nmap scan, but I agree it does look very suspect at face value.
HTRegz
June 24th, 2003, 12:51 AM
Many companies run IRC servers... that's not that big of a deal.... Also the BO Port (31337) is filtered.. I'm guessing they're catching people scanning their network for the port.
I wouldn't be too concerned about the port listing on the system... They are a webdesign/hosting company.. and more than likely they offer other services to the public.... Also you are in the wrong, you never should have scanned a system that isn't your own and has nothing to do with you. They may host your company's website but that's your only relationship with them.... Stay away from their system is my advice to you... it's better for you, for their company and saves their admins the headaches of having to figure out why they are being port scanned.....
prodikal
June 24th, 2003, 12:52 AM
In short it ain't hacked, and by the looks of the port scan it's running some type of firewall, so congrats, you made the logs :) Notice the filtered state? That means there is some sort of firewall in place. You can use the -sA switch with "nmap" to check for firewall rules.
gore
June 24th, 2003, 12:55 AM
DEAR GOD!
This box has more openings than swiss cheese!
port 31337 is a trojan port for sure.
Also, if you have permission, try telnetting into this box and see if it lets you in. If you're the admin it should be ok but check first so you don't get yourself in any trouble. Any concerned admin would have a field day with this machine.
Remember though, get all the permission you need before conducting any tests IN WRITING unless you trust them and they say ok.
What is this machine supposed to be doing? As for your little co-worker who is surfing hacking sites and doing things he shouldn't be, please refer to my Bastard sys admin from Michigan stories for things to do.
Nimh
June 24th, 2003, 12:59 AM
Does your company have any rules/regs regarding 'Appropriate use of the Internet'? If so, are d/l'ing such installed programs against said regulations? I would hope the answer to these questions is yes.
If so, inform the user that the downloaded programs are in violation of the 'Acceptable Use' policy, and should be removed.
FrameWork
June 24th, 2003, 01:03 AM
Yeah TCP port 31337 is a trojan port(also unassigned).
It can play host to:
BackOrifice.120
Kahled.100
OPC.200
unhappyStar_7
June 24th, 2003, 01:15 AM
quote "many companies run IRC"... not in this case, there is no need what so ever for this company to run IRC... you are gonna have to trust me on that one...
if and if, the IRC ports would be legitimate (personally i think this is a zombie) why in the world would they be filtered... please ... if you wanna have interdepartmental communication you are NOT gonna run IRC for that...
the telnet banner grab gives me "FreeBSD i386" ... BUT that doesn't fit in w/ the whole 31337 thing...
31337... i know, i know... the first thing that came to my mind was that it's a win box w/ a trojan but (look above) it's not .. i repeat it's not a windows box....
i'm gonna level w/ you... personally i think this system has way too many ports open... if this IS a professional job then this box has to be running OpenBSD w/ a honey pot of some kind on a cluster.... if not then it's way too open and it's way too overloaded...
and who is scanning for BO these days... please... there are so many better trojans out there where you can even change the server port # ... but remember this machine is unix....
i believe 70% that this is some kind of bore & inject hack job and i'm gonna level w/ you guys ... if i'm correct and i'm able to prove it i can get promotion and work w/ *nix web servers not stupid NT crap... and let's not forget the $.
If you are interested in helping me in this please pm me and i will give you the ip ... this goes for ppl that i know who will not damage the system or do anything malicious...ei (gore, phishphreak..... and others)
i just have to say one more time... just look ... look at the nmap output... do you really think it's a pro job... telnet & ftp don't even have login disable after 3 attempts.... i can write a bash brute - forcing script in 5 minutes & let it run all night......
what should i do... i'm not gonna try & crack the system. ... don't even suggest that... but i need to find out if the system isn't already cracked
gore
June 24th, 2003, 01:25 AM
There are trojan tools for FreeBSD, last time i installed they offered the netbus tools and shit right on the CDs. So this isn't out of the question. I think being paranoid is also a good thing. a good admin needs medication for his nerves because he's worried...lol ok it's half true but anyway i think you should contact them and ask "hey what's going on, i got lusers accessing bad sites and a box fulla openings, why?"
HTRegz
June 24th, 2003, 01:40 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by unhappyStar_7
quote "many companies run IRC"... not in this case, there is no need what so ever for this company to run IRC... you are gonna have to trust me on that one...
if and if, the IRC ports would be legitimate (personally i think this is a zombie) why in the world would they be filtered... please ... if you wanna have interdepartmental communication you are NOT gonna run IRC for that...
It's not your company, so how do you know what their needs are... maybe one of the guys runs an IRC server for him and his friends.. and it's filtered because it has an ACL to only allow certain people to connect.. A friend of mine used to admin a hosting company and that was what he did.. had his IRC server running there, set up to only accept certain connections..
the telnet banner grab gives me "FreeBSD i386" ... BUT that doesn't fit in w/ the whole 31337 thing...
31337... i know, i know... the first thing that came to my mind was that it's a win box w/ a trojan but (look above) it's not .. i repeat it's not a windows box....
i'm gonna level w/ you... personally i think this system has way too many ports open... if this IS a professional job then this box has to be running OpenBSD w/ a honey pot of some kind on a cluster.... if not then it's way too open and it's way too overloaded...
Why does the box have to be running OpenBSD to be professional??? I can show you a professional system set-up on any OS. It's quite possibly a series of Honeypots and once again 31337 could be detecting scans for BO and other trojans.. It's a basic trojan port.
and who is scanning for BO these days... please... there are so many better trojans out there where you can even change the server port # ... but remember this machine is unix....
That's right it's unix, but they're still watching for scans.... Tons of ISPs do it.. And tons of people scan for BO.. if yer an admin and you don't think that's true... you aren't doing a good job and shouldn't have your job.... Let alone be hoping for a promotion... I can show you tons of 31337 scans every day.
i believe 70% that this is some kind of bore & inject hack job and i'm gonna level w/ you guys ... if i'm correct and i'm able to prove it i can get promotion and work w/ *nix web servers not stupid NT crap... and let's not forget the $.
Now I'm just confused... The webserver isn't yours....and you insist it's *nix... so now why are you saying you will get to work with *nix web servers and forget about NT crap... do you even know what you are talking about anymore??
If you are interested in helping me in this please pm me and i will give you the ip ... this goes for ppl that i know who will not damage the system or do anything malicious...ei (gore, phishphreak..... and others)
I don't think anyone here trusts you and knows that.....
i just have to say one more time... just look ... look at the nmap output... do you really think it's a pro job... telnet & ftp don't even have login disable after 3 attempts.... i can write a bash brute - forcing script in 5 minutes & let it run all night......
You had to have tried that to find that out... That's not your job and once again this isn't your system.... Leave it alone and do your own job.
what should i do... i'm not gonna try & crack the system. ... don't even suggest that... but i need to find out if the system isn't already cracked
The system is not cracked.. if you think it is you're an idiot who should not be an admin.. These guys host professionally.. They know what they are doing.. You obviously do not.. or you wouldn't be here asking for help....
leave it alone and back off.
unhappyStar_7
June 24th, 2003, 01:57 AM
i guess you got me there H.
i guess some of your assumptions are true... no, PERSONALLY i don't give a rat's ass about ppl who i work for, the client or the web hosting inc. i don't have any interest to be friendly w/ a competition and make them aware. if i can prove they've been hacked the client could give us the hosting job and i would get more money. that's my interest and nothing else ... sorry to disappoint. even if you won't help me i'm not gonna "back-off" because there's not the slightest proof that this site is secure. we'll see how locked down this is... you don't know anything about me so f-off w/ your "you shouldn't have the job" BS. i guess you would assume that every admin is perfect so this one is too and i should "back off"... but even I w/ my "limited knowledge" can see that the nmap scan speaks for itself
and by the way ... yes i did try to login w/ ftp & telnet "just to see" ... so sue me... and obviously, just as i expected it doesn't lock you out
but that doesn't mean i'm gonna let a BF'er go loose on the daemon
FrameWork
June 24th, 2003, 02:04 AM
but even I w/ my "limited knowledge" can see that the nmap scan speaks for itself
This is what everyone has been trying to let you know, most of the services on this box are indeed legitimate.
I even noted in parenthesis that port 31337 is also unassigned, meaning that it can also be used for other purposes, as stated in this post by HT:
It's quite possibly a series of Honeypots and once again 31337 could be detecting scans for BO and other trojans.. It's a basic trojan port.
HTRegz
June 24th, 2003, 02:04 AM
You can't even host your company's own website and now you want to host other people's??? I'm getting even more confused... but congrats on your ability to pull stuff out of your ass... You are half keeping up... Seriously.. for someone who is apparently an "admin" your grammar sucks, your spelling sucks and you only half make sense.... Why don't you leave us alone... Do your own job..
unhappyStar_7
June 24th, 2003, 02:17 AM
frame... 31337 is significant because of its historical meaning... in my company (huge company)... no matter what kind of service you wanna run it's not really professional to put it on 31337.
H. i do have enough experience to know where this is going. you won. no.. really you did. you ruined the ****ing thread. i was hoping for this to be a constructive discussion about this particular system's configuration but you couldn't help and outright accuse me of "things" and insult me. you had to make it personal. i guess i should just shut up and "KNOW" my place ... i guess if i don't know shit now.... i don't have a right to learn EVER .. i bow to you ...
everyone ... seriously ... if you have something constructive to say please pm me or even post it here ... just to say outright again .. i'm not gonna leave this matter alone.... but i will post updates after i dig more..... unless the guy bans me
AND IF I GAVE A **** ABOUT SPELLING I'D USE THE SPELL CHECKER
FrameWork
June 24th, 2003, 02:30 AM
frame... 31337 is significant because of its historical meaning... in my company (huge company)... no matter what kind of service you wanna run it's not really professional to put it on 31337.
Look, i agree to an extent. I feel you have to keep an open mind in this instance, maybe this company is crazy for leaving this port open, crazy like a fox that is. I just don't think you can rule anything out, especially since we don't know what the admin of the site is up to.
you ruined the ****ing thread. i was hoping for this to be a constructive discussion about this particular system's configuration
Look, the thread isn't dead yet, granted the most serious points have been established, but we can still hash out further details like adults.
unhappyStar_7
June 24th, 2003, 02:56 AM
thank you for being positive ... i'm sorry i got carried away but i didn't mean any harm to the system and it's not like port scanning is illegal ...
really framework i appreciate your input... i'm gonna do more research on this server and i'll let you know how it goes ... in the mean time if you come up w/ anything post...
FrameWork
June 24th, 2003, 03:02 AM
thank you for being positive ... i'm sorry i got carried away but i didn't mean any harm to the system and it's not like port scanning is illegal ...
really framework i appreciate your input... i'm gonna do more research on this server and i'll let you know how it goes ... in the mean time if you come up w/ anything post...
Don't mention it. ;)
Trust me i've done much worse. Heh.
AO is packed with intelligent members as you can already see, so i'm quite sure this thread isn't finished just yet. :cool:
HTRegz
June 24th, 2003, 03:59 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by FrameWork
Don't mention it. ;)
Trust me i've done much worse. Heh.
AO is packed with intelligent members as you can already see, so i'm quite sure this thread isn't finished just yet. :cool:
Sorry.. but I kinda hope this thread is finished.. I know it has irritated me and a few other members. This guy is basically asking us to help him prove that a computer has been hacked (using a scan that shows nothing of the sort) so that he can steal business and get a promotion.... He's asking us to do his work for him and it's not even his work.... If he can't do it himself, he shouldn't be worried about it.... I've said it once and I'll say it again.. It's not his concern...
unhappyStar_7
June 24th, 2003, 04:32 AM
you big fat mother****er.... do not post in here anymore .... i'm not asking anyone to do or prove anything ... go eat more twinkies you bitch... and leave me alone.... i asked for a ****ing EDUCATED OPINION ... not your flaming that doesn't really say anything or answer any of my questions. if the site is hacked i don't know for sure if i get anything out of it i don't know... but i'm hoping... maybe you leave your shit unattended 24/7 and you just tell the REAL CRIMINALS to just "leave you alone"... **** you, it's because of you and ppl like you that tech industry is more concerned w/ politics than the technology itself... You are the ****ing scum that's ruining the "hacker culture" and "spirit" Just because you read C# for Dummies doesn't make you R. Stallman.... You go on for months about ethics... but that's only your cover for your incompetence. Anyone can secure a server. Shit, w/ windows (which you said you use) MS made it so easy that ANYONE can do it.... (yeah i know you are gonna talk 'bout my user but I LET HIM DO WHAT HE DOES).... but to find out about remote system or penetration testing what i wanna do and what i'm trying to learn ... (just more opportunity for you to flame me)... i really wish to see if you'd insult my intelligence in a bar face to face... i think NOT
achhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh...
and the so called "work" am asking "you" to do .... i will do myself...
after all this post was based on 10 sec of investigation and rational thought
mood: happy
reason: i got chicken wings for breakfast:
you truly make me sick you ****ing slob
alittlebitnumb
June 24th, 2003, 04:52 AM
you big fat mother****er
Have you met the man? Nope. So the personal attacks are uncalled for. Also, why so defensive if your intentions are legit?
gore
June 24th, 2003, 05:08 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by unhappyStar_7
you big fat mother****er.... do not post in here anymore .... i'm not asking anyone to do or prove anything ... go eat more twinkies you bitch... and leave me alone.... i asked for a ****ing EDUCATED OPINION ... not your flaming that doesn't really say anything or answer any of my questions. if the site is hacked i don't know for sure if i get anything out of it i don't know... but i'm hoping... maybe you leave your shit unattended 24/7 and you just tell the REAL CRIMINALS to just "leave you alone"... **** you, it's because of you and ppl like you that tech industry is more concerned w/ politics than the technology itself... You are the ****ing scum that's ruining the "hacker culture" and "spirit" Just because you read C# for Dummies doesn't make you R. Stallman.... You go on for months about ethics... but that's only your cover for your incompetence. Anyone can secure a server. Shit, w/ windows (which you said you use) MS made it so easy that ANYONE can do it.... (yeah i know you are gonna talk 'bout my user but I LET HIM DO WHAT HE DOES).... but to find out about remote system or penetration testing what i wanna do and what i'm trying to learn ... (just more opportunity for you to flame me)... i really wish to see if you'd insult my intelligence in a bar face to face... i think NOT
achhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh...
and the so called "work" am asking "you" to do .... i will do myself...
after all this post was based on 10 sec of investigation and rational thought
mood: happy
reason: i got chicken wings for breakfast:
you truly make me sick you ****ing slob
So wait, you insult him and then his weight but get mad because he insulted you? and calling him fat and a twinkie eater? i'm fat and i don't eat those ****ing things. And for the record i'd insult you face to face in a bar, an alley, and anywhere else you'd like. This big problem with fat people gets on my nerves.
It's all fun and games until the fat kid snaps. You called him a slob because something simple made him happy...since when was that a sin? And telling him not to post? umm, this is a FREE forum, he can post anywhere he wants.
How is he ruining anything by telling you to mind your own business? and for that "fat" comment, have a neg :) eat it and look like the people you make fun of.
lumpyporridge
June 24th, 2003, 05:10 AM
As to the Back Orifice port, FreeBSD has a port (program) called fakebo. It's a tool for trapping/playing with script kiddies who are scanning for BO. I have been meaning to install it myself for some fun. You might just have someone who is computer savvy, likes to irc with friends, and play with skiddies? http://www.freebsd.org/cgi/ports.cgi?query=fakebo&stype=all
gore
June 24th, 2003, 05:11 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by lumpyporridge
As to the Back Orifice port, FreeBSD has a port (program) called fakebo. It's a tool for trapping/playing with script kiddies who are scanning for BO. I have been meaning to install it myself for some fun. You might just have someone who is computer savvy, likes to irc with friends, and play with skiddies? http://www.freebsd.org/cgi/ports.cgi?query=fakebo&stype=all
I could've sworn i said that, anyway though it should be on the install CDs. cute proggie.
lumpyporridge
June 24th, 2003, 05:18 AM
just elaborating, as i was not sure as to what you meant by tools as they offer a few others, not humorous like fakebo though.
unhappyStar_7
June 24th, 2003, 05:28 AM
gore ... so you took offence personally and gave me negs... i have respect for you because i read many of your posts... BUT...
i'm not gonna apologize for insulting him because i TRIED, I DID TRY just to talk about pure security and technical issues but this guy insulted me and my job and my qualifications and everything else.. so **** him.. he's open game
gore ... i read your post about how much you weigh and all that... whatever... i exercise myself (a lot) and don't brag about it... at least not here... it's really pathetic of you to be so 'proud' of how big you are... IT's like Star Jones thinking she's a sexy diva... no one cares
so please leave this personal BS alone
--------------------------------------------------------------------------------------------------------------------
i took the BSD port changer seriously but i don't think it applies in this case... like i said i will investigate further and see what i can come up w/. so far i've just enumerated a very small part of the network
gore
June 24th, 2003, 05:31 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by unhappyStar_7
gore ... so you took offence personally and gave me negs... i have respect for you because i read many of your posts... BUT...
i'm not gonna apologize for insulting him because i TRIED, I DID TRY just to talk about pure security and technical issues but this guy insulted me and my job and my qualifications and everything else.. so **** him.. he's open game
gore ... i read your post about how much you weigh and all that... whatever... i exercise myself (a lot) and don't brag about it... at least not here... it's really pathetic of you to be so 'proud' of how big you are... IT's like Star Jones thinking she's a sexy diva... no one cares
so please leave this personal BS alone
--------------------------------------------------------------------------------------------------------------------
i took the BSD port changer seriously but i don't think it applies in this case... like i said i will investigate further and see what i can come up w/. so far i've just enumerated a very small part of the network
So you're saying i should be ashamed of the way i look? and that even though i could bench your family i need to lose weight because YOU think i'm fat? hmm that's funny.
HTRegz
June 24th, 2003, 05:32 AM
Why is it pathetic of someone to take pride in their size???? I take a lot of pride in the fact that I'm 6'2, 270lbs... I can push a car in neutral up a hill, carry 300lbs+ roof trusses all day, bike 30-40km at a time, and keep up with everyone else in the 100m dash..
BTW we'll brag about whatever we want here.. as gore mentioned it's a free forum... :)....
Kezil
June 24th, 2003, 05:55 AM
hmm..Let me get this straight.
Your company has hired an outside service to create and host a website for it. You were concerned or just curious about the webhosting company's security, so you ran a SYN stealth port scan on it (presumably as su or root). The results came back with many open and filtered ports, leading you to believe it was insecure, as you could not see a use for many of the ports. Additionally, you would like to prove that this site is insecure so you can take over the web server administration duties for better pay (and to use *NIX instead of NT). Therefore, you began to do some footprinting and exploration. Furthermore, you invited us to help you prove it's insecure so as to help you take over the duties.
That is my understanding of the situation thus far, and in a more favorable light than I imagine a few others see it.
However, your handling of the situation leaves much to be desired. First of all, you are attempting to crack into a system OUTSIDE of your control, and without the permission of the owners. While you do have an interest in the security of your site, this is STILL illegal. Furthermore, you bring this up on a site adamantly anti-cracker and ask for help (whether it was the main focus or not is beside the point). Second, most, if not all, of those ports have legitimate uses in the context of the company. ftp, ssh, telnet, smtp, http, pop3, auth (TCP authentication), imap2, news, https, login, shell, klogin, kshell, and eklogin are all services that are enabled on some server or another on the internet and have legitimate purposes in use or administration, and for a large web hosting are to be expected. Don't believe me? google for them, one by one, down the list to find out the purpose and use of all these ports. Also, all those other ports are filtered. Filtered does not mean open. It doesn't mean closed either, but importantly they are not open.
Now for the last item of my hit list: your very abusive post in response to HTRegz. While there is some reason - he was shooting you down again and again, it is not nearly enough for an outburst like that. First, you should have more control than that. Second, you better get used to criticism or you will never survive on the net (at least, if you want to participate and not just watch), nor in the real world - react like that to your boss's criticism, and you will be on the street before your workday ends. That post was childish, immature, and entirely inappropriate. If you don't like what he says, ignore him. If he challenges you, come back with an intelligent reply. Not only did that post portray a lack of control, it also insinuates that you have no clue what you are talking about, that you are incapable of properly defending yourself, and so you are resorting to personal attacks. Further, even what you did say was uninformed, presumptuous, and prejudicial. Before you attempt to do anything resembling this again, I suggest that you do a bit of research into the person you are trying to insult, and be well aware that what you say may cause ill will toward you from more than just your target and his/her friends.
Grow up, gain some self control, read up on law in regards to the internet, and learn. You will be better for it, and if you don't, it's your loss.
phishphreek
June 24th, 2003, 06:00 AM
Those attacks by all of you against each other are not necessary at all.... We are supposed to be on the same team... but, I'll stay out of all that.
The open ports are ports on which services are being offered to the public. Most of them have their means of being protected... user names, passwords, user rights, blocked at ip and host level, etc. The filtered ports can't be accessed. They are blocked by a firewall. It is even possible that those services are not running.. nmap just returns it because it sees a rule that says filtered and assumes that it is running.
When I scan my box(s)... I see every service installed as filtered... except for a few that are truly running. There are quite a few that show up as filtered... and the rest show up as open.
If you are truly worried about this machine... call the admins of it. Have them investigate it. Have them explain to you why the scan came up like it did. What are they doing to protect your site and any info that may be stored on it? Most of them are decent people and want to reassure you. If there is a problem... they will take care of it. If they don't take care of it... take your business elsewhere.
If you want to learn about computer forensics... pick up a book. Hacking Exposed is good. I also like Incident Response (Investigating Computer Crime). There are tons more out there. You can also learn with test networks... I wouldn't be messing about on production machines.
By looking at a scan you can't tell if a system was compromised. You will need to get into the OS itself and system logs. Look at services, running processes, user accounts, audit trails and a whole lot more.
I doubt that you want to do that since you are not authorized. You hired them to serve your website... they didn't hire you as a security consultant. You can really get into a lot of trouble with both your work and their company for messing around like this. Trust me...
Our security guru did the same to one of our vendors and we received letters from their lawyers. They were nice about it... just a cease and desist if you will. If you don't have a contract with someone... DO NOT TRY TO "AUDIT" THEM! Seriously...
A phone call to your account manager or their security gurus will work wonders. Especially since you are a concerned customer.
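Added example (editor's illustration, not part of the thread or any poster's words): a small Python parser for the port table posted at the top of the thread, sorting it into what the scan does and does not establish. The CLEARTEXT_LOGIN set and the function names are the editor's assumptions; the port rows are the ones from the first post.

```python
import re

# Port table from the first post (nmap -sS -O, no version detection), so the
# service column is nmap's port-number lookup, not something the host sent.
SCAN = """\
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
113/tcp open auth
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
143/tcp open imap2
144/tcp open news
161/tcp filtered snmp
306/tcp open unknown
307/tcp open unknown
443/tcp open https
513/tcp open login
514/tcp open shell
543/tcp open klogin
544/tcp open kshell
1112/tcp filtered msql
2105/tcp open eklogin
3333/tcp filtered dec-notes
4333/tcp filtered msql
5000/tcp filtered fics
6666/tcp filtered irc-serv
6667/tcp filtered irc
6668/tcp filtered irc
7000/tcp filtered afs3-fileserver
7001/tcp filtered afs3-callback
7007/tcp filtered afs3-bos
31337/tcp filtered Elite
"""

ROW = re.compile(
    r"^(\d+)/(tcp|udp)\s+(open\|filtered|open|closed|filtered|unfiltered)\s+(.+)$"
)

# Editor's assumption, not from the thread: services whose logins cross the
# network unencrypted and are worth raising with the hosting company.
CLEARTEXT_LOGIN = {"ftp", "telnet", "pop-3", "imap2", "login", "shell"}


def parse_port_table(text):
    """Parse 'PORT/PROTO STATE SERVICE' rows; a table pasted twice counts once."""
    rows, seen = [], set()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner lines, blanks, OS-detection text
        port, proto, state, service = m.groups()
        key = (int(port), proto)
        if key in seen:
            continue
        seen.add(key)
        rows.append({"port": key[0], "proto": proto,
                     "state": state, "service": service.strip()})
    return rows


def triage(rows):
    """Split the table into what the scan supports saying about the host."""
    open_rows = [r for r in rows if r["state"] == "open"]
    return {
        # The SYN probe was answered: something is listening and reachable.
        "open": sorted(r["port"] for r in open_rows),
        # No answer or an ICMP error: nmap cannot tell whether anything listens.
        "filtered": sorted(r["port"] for r in rows if r["state"] == "filtered"),
        # Reachable services that send credentials in the clear.
        "cleartext_login": sorted(r["port"] for r in open_rows
                                  if r["service"] in CLEARTEXT_LOGIN),
        # Open, but the port number has no entry in nmap's services table.
        "unnamed_open": sorted(r["port"] for r in open_rows
                               if r["service"] == "unknown"),
    }


if __name__ == "__main__":
    for label, ports in triage(parse_port_table(SCAN)).items():
        print(f"{label:16} {ports}")
```

On this table 31337 and the IRC ports land in the filtered group, while the items a customer could reasonably raise with the host are the open cleartext logins and the two unnamed open ports.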
unhappyStar_7
June 24th, 2003, 06:39 AM
do i really 'lack' self control... NO i have self control where it's needed... (like my boss) and i don't really need to control myself against personal attacks over the net... whatever .... whatever... i'm begging for this personal $ to be finished ... it's not going anywhere....
..............................................................................................................................................
no really. let's move on
..............................................................................................................................................
ok i managed to connect to the irc server by routing from the internal NT system in my job.. there's only 1 channel in /list ... it's "#a"... inside there is only one user "@gg1". i really wish i knew more about irc because it doesn't respond to any commands i can think of. i can create new channels but only 9 so limit is 10. the funny thing is that when i do /whois on him it shows up as URL with blabla.ru ... what is ".ru"??? ... i'll be back... in a sec
alittlebitnumb
June 24th, 2003, 06:48 AM
what is ".ru"???
It's the TLD for Russia.
i really wish i knew more about irc because it doesn't respond to any commands i can think of.
Here is something that may help you: http://www.newircusers.com/ircchat.html
have fun.
lumpyporridge
June 24th, 2003, 06:49 AM
ru ssia