At first I thought it was proxies and installed bopm. After getting another attack, in which bopm stood still and killed like 3 of 300, I figured something was not right.
I ran nmap on a few of the hosts and found radmin (4899) and realvnc (5900); those ports probably allow the hacker to take remote control.
So I figured it's probably xdcc or ddos bots.
Is there anything to do against them?
I thought I might make a script asking for version at connect, and if there is no response then shun the user, though it can catch poor users who ignore tcp, or lagged users.
Clues?
Is there any way to add those ports to bopm? I tried to add them to all the protocols there, no clue if it will help.
Until next time,
yours, sagi