trojan bots flood what should i do?
Posted: Mon May 30, 2005 5:37 pm
Lately, my server is getting attacked by some moron (clones, floods).
At first I thought it was proxies and installed bopm. After getting another attack, where bopm stood still and killed like 3 of 300, I figured something is not right.
I ran nmap on a few of the hosts and found radmin (4899) and realvnc (5900); those ports prolly allow the hacker to take remote control.
So I figured it's prolly xdcc or ddos bots.
Is there anything to do against them?
I thought to make a script asking for version at connect, and if no response then shun the user, tho it can catch poor users who ignore tcp, or lagged users.
clues?
Is there any way to add those ports to bopm? I tried to add them to all the protocols there, no clue if it will help.
Until next time,
yours, sagi
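An added example, not part of the original post: the version-on-connect check the post proposes, with one re-ask for lagged users and a shun only for clients that stayed silent after connecting during a burst. The class name, thresholds and action tuples are assumptions, and the calling bot or services script is assumed to send the CTCP VERSION request and apply the shun itself.

```python
from collections import deque

class VersionGate:
    """Pick which new connections to shun for never answering CTCP VERSION."""

    def __init__(self, timeout=20, retries=1, burst=10, window=30):
        self.timeout, self.retries = timeout, retries   # assumed thresholds
        self.burst, self.window = burst, window         # N connects in window seconds
        self.pending = {}                               # nick -> state of unanswered client
        self.recent = deque()                           # timestamps of recent connects

    def on_connect(self, nick, host, now):
        self.recent.append(now)
        while self.recent[0] < now - self.window:
            self.recent.popleft()
        self.pending[nick] = {"host": host, "t0": now, "asks": 1,
                              "deadline": now + self.timeout, "burst": False}
        if len(self.recent) >= self.burst:              # flood: mark everyone in the window
            for p in self.pending.values():
                if p["t0"] >= now - self.window:
                    p["burst"] = True
        return ("ctcp_version", nick)                   # caller sends the request

    def on_version_reply(self, nick):
        self.pending.pop(nick, None)                    # answered: user is cleared

    def tick(self, now):
        """Return actions for clients whose reply deadline has passed."""
        actions = []
        for nick, p in list(self.pending.items()):
            if now < p["deadline"]:
                continue
            if p["asks"] <= self.retries:               # possibly lagged: ask once more
                p["asks"] += 1
                p["deadline"] = now + self.timeout
                actions.append(("ctcp_version", nick))
            else:
                del self.pending[nick]
                if p["burst"]:                          # silent and part of a burst
                    actions.append(("shun", p["host"]))
        return actions

def demo():
    """Constructed timeline: five silent clones and one lagged user in a burst."""
    gate = VersionGate(burst=5)
    for i, nick in enumerate(["c0", "c1", "bob", "c2", "c3", "c4"]):
        gate.on_connect(nick, f"198.51.100.{i}", 100 + i)
    gate.tick(125)                  # first deadline passed: everyone is re-asked
    gate.on_version_reply("bob")    # lagged user answers the second request
    return [host for act, host in gate.tick(145) if act == "shun"]
```

A client that never answers outside a burst is dropped from tracking without a shun, which limits the false positives the post worries about.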