Attack problem

Home » Asterisk Users » Attack problem
Asterisk Users 5 Comments


My system been attacked from someone I guess, kindly check the link below

How can I stop the ircd attack


No employee or agent is authorized to conclude any binding agreement on behalf of Xplorium with another party by e-mail without express written confirmation by an officer of Xplorium. Any views expressed by an individual in this electronic message do not necessarily reflect views of Xplorium or its subsidiaries and associates.

This electronic message and its attachments are solely addressed to the addressee(s), and contain confidential information protected from disclosure belonging to Xplorium.

If you are not the intended addressee of this electronic message and its attachments, kindly delete it immediately from your system and notify the sender by electronic mail. You must not copy this message or attachment or disclose its content to any other person.

Xplorium does not guarantee the integrity of this electronic message and any of its attachments, or that they are free from computer viruses or other defects.

5 thoughts on - Attack problem

  • This isn’t an Asterisk issue.

    0) Turn off your IRC service.

    1) Add some rules to iptables.

    2) Investigate fail2ban and see if it is an appropriate response.

  • Ircd is not installed and cant be located in all system ,any one know or
    have an idea how do they infect my system,
    Any bug in asterisknow?
    How to find the script that initiates this invites ?
    135.307281 -> TCP 36578 > ircd [ACK] Seq=36
    Ack=111 Win=5840 Len=0
    135.307434 -> TCP 36578 > ircd [FIN, ACK] Seq=36
    Ack=111 Win=5840 Len=0
    135.309188 -> TCP ircd > 36578 [FIN, ACK]
    Seq=111 Ack=1 Win=4096 Len=0
    135.309211 -> TCP 36578 > ircd [ACK] Seq=37
    Ack=112 Win=5840 Len=0
    135.334037 -> DNS Standard query A
    135.334496 -> DNS Standard query response A
    135.334657 -> TCP 53718 > ircd [SYN] Seq=0
    Win=5840 Len=0 MSS=1460 TSV=1532274 TSER=0 WS=7
    135.342359 -> TCP ircd > 42802 [SYN, ACK] Seq=0
    Ack=1 Win=1460 Len=0 MSS=1380
    135.342399 -> TCP 42802 > ircd [ACK] Seq=1 Ack=1
    Win=5840 Len=0
    135.342554 -> IRC Request


  • netstat -anp |grep 6667

    Best Regards,
    Muhammad Nuzaihan Kamal
    Network Consultant
    Mobile: +65 97473874

    Asfa Systems Pte Ltd
    91, Alps Avenue. #03-10. Singapore 498787

    Tel: +65 62538211
    Fax: +65 62504814

    pub 4096R/36630777 2010-07-10
    Key fingerprint = 670A 4D60 0A2D 43A1 2FE0 DFDA D3A9 3F32 3663 0777
    uid Muhammad Nuzaihan Kamalluddin (Asfa Systems Pte. Ltd.)
    sub 4096R/97E5CBBD 2010-07-10