[unisog] IRC bot outbreaks

Anderson Johnston andy at umbc.edu
Wed Jul 31 16:01:00 GMT 2002


On Mon, 29 Jul 2002 Phil.Rodrigues at uconn.edu wrote:

> About a month ago we started to take more direct action against DCC-botted
> hacks.  Through a combo of IPAUDIT (a homegrown network analysis tool) and
> SNORT (looking for known DCC phrases and tftp connections) we usually jump
> on any new bots on our campus quickly, and hopefully we catch a few before
> they occur with regular scans for blank administrative passwords (which is
> still the most common way they gain access).
>

Q: What tools are you using to scan for blank administrative passwords?

							- andy
------------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
------------------------------------------------------------------------------



More information about the unisog mailing list