Attack problem

Home » Asterisk Users » Attack problem
Asterisk Users 5 Comments

HI,

My system been attacked from someone I guess, kindly check the link below

How can I stop the ircd attack

http://pastebin.com/tbjh5qzP

regards

*********************************************
No employee or agent is authorized to conclude any binding agreement on behalf of Xplorium with another party by e-mail without express written confirmation by an officer of Xplorium. Any views expressed by an individual in this electronic message do not necessarily reflect views of Xplorium or its subsidiaries and associates.

This electronic message and its attachments are solely addressed to the addressee(s), and contain confidential information protected from disclosure belonging to Xplorium.

If you are not the intended addressee of this electronic message and its attachments, kindly delete it immediately from your system and notify the sender by electronic mail. You must not copy this message or attachment or disclose its content to any other person.

Xplorium does not guarantee the integrity of this electronic message and any of its attachments, or that they are free from computer viruses or other defects.
*********************************************

5 thoughts on - Attack problem

  • This isn’t an Asterisk issue.

    0) Turn off your IRC service.

    1) Add some rules to iptables.

    2) Investigate fail2ban and see if it is an appropriate response.

  • Ircd is not installed and cant be located in all system ,any one know or
    have an idea how do they infect my system,
    Any bug in asterisknow?
    How to find the script that initiates this invites ?
    135.307281 192.168.138.56 -> 218.75.79.17 TCP 36578 > ircd [ACK] Seq=36
    Ack=111 Win=5840 Len=0
    135.307434 192.168.138.56 -> 218.75.79.17 TCP 36578 > ircd [FIN, ACK] Seq=36
    Ack=111 Win=5840 Len=0
    135.309188 218.75.79.17 -> 192.168.138.56 TCP ircd > 36578 [FIN, ACK]
    Seq=111 Ack=1 Win=4096 Len=0
    135.309211 192.168.138.56 -> 218.75.79.17 TCP 36578 > ircd [ACK] Seq=37
    Ack=112 Win=5840 Len=0
    135.334037 192.168.138.56 -> 192.168.5.2 DNS Standard query A
    irc3.mysteryaddict.com
    135.334496 192.168.5.2 -> 192.168.138.56 DNS Standard query response A
    87.229.45.226
    135.334657 192.168.138.56 -> 87.229.45.226 TCP 53718 > ircd [SYN] Seq=0
    Win=5840 Len=0 MSS=1460 TSV=1532274 TSER=0 WS=7
    135.342359 218.75.79.17 -> 192.168.138.56 TCP ircd > 42802 [SYN, ACK] Seq=0
    Ack=1 Win=1460 Len=0 MSS=1380
    135.342399 192.168.138.56 -> 218.75.79.17 TCP 42802 > ircd [ACK] Seq=1 Ack=1
    Win=5840 Len=0
    135.342554 192.168.138.56 -> 218.75.79.17 IRC Request

    Regards

  • netstat -anp |grep 6667

    Best Regards,
    Muhammad Nuzaihan Kamal
    Network Consultant
    Mobile: +65 97473874

    Asfa Systems Pte Ltd
    91, Alps Avenue. #03-10. Singapore 498787

    Tel: +65 62538211
    Fax: +65 62504814
    http://www.asfasystems.com.sg

    pub 4096R/36630777 2010-07-10
    Key fingerprint = 670A 4D60 0A2D 43A1 2FE0 DFDA D3A9 3F32 3663 0777
    uid Muhammad Nuzaihan Kamalluddin (Asfa Systems Pte. Ltd.)
    sub 4096R/97E5CBBD 2010-07-10

    href=”mailto:asterisk-users-bounces@lists.digium.com”>asterisk-users-bounces@lists.digium.com