Results 1 to 2 of 2

Thread: Identifying IRC BOT

  1. #1
    Senior Member
    Join Date
    May 2003

    Identifying IRC BOT

    If the machine was found with IRC bot, how can I check the integrity of the machine to make sure that further compromised was not done? I have checked the logs and other events, but stuck now. Also besides DCC transfer, what are other ways that IRC bot can be dropped to the target?


  2. #2
    Senior Member
    Join Date
    Aug 2003
    If you didn't have an md5 checksum of all files before, you probably can't do much. There is a standard database of md5 hashes, but I can't remember where the blazes they were.

    Standard wisdom (if you can call it that) is there is virtually no way you can guarantee that you found everything. Best suggestion is complete rofrmat.

    There are programs such as Tripwire that can do integrity checks for you (you have to do a little searching for the free versions) But they are only going to help you if you are prepared ahead of time.

    As far as methods of infection, I'll have to defer to someone with more knowledge than I have.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts