netstat -anp |grep 6667
Best Regards,
Muhammad Nuzaihan Kamal
Network Consultant
Mobile: +65 97473874
Asfa Systems Pte Ltd
91, Alps Avenue. #03-10. Singapore 498787
Tel: +65 62538211
Fax: +65 62504814
www.asfasystems.com.sg
pub 4096R/36630777 2010-07-10
Key fingerprint = 670A 4D60 0A2D 43A1 2FE0 DFDA D3A9 3F32 3663 0777
uid Muhammad Nuzaihan Kamalluddin (Asfa Systems Pte. Ltd.)
<[email protected]>
sub 4096R/97E5CBBD 2010-07-10
On 20-Dec-2010, at 5:40 PM, Khaled W. Chehab wrote:
> Ircd is not installed and can't be located anywhere on the system. Does
> anyone know or have an idea how they infected my system?
> Any bug in AsteriskNOW?
> How do I find the script that initiates these invites?
> 135.307281 192.168.138.56 -> 218.75.79.17 TCP 36578 > ircd [ACK] Seq=36 Ack=111 Win=5840 Len=0
> 135.307434 192.168.138.56 -> 218.75.79.17 TCP 36578 > ircd [FIN, ACK] Seq=36 Ack=111 Win=5840 Len=0
> 135.309188 218.75.79.17 -> 192.168.138.56 TCP ircd > 36578 [FIN, ACK] Seq=111 Ack=1 Win=4096 Len=0
> 135.309211 192.168.138.56 -> 218.75.79.17 TCP 36578 > ircd [ACK] Seq=37 Ack=112 Win=5840 Len=0
> 135.334037 192.168.138.56 -> 192.168.5.2 DNS Standard query A irc3.mysteryaddict.com
> 135.334496 192.168.5.2 -> 192.168.138.56 DNS Standard query response A 87.229.45.226
> 135.334657 192.168.138.56 -> 87.229.45.226 TCP 53718 > ircd [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1532274 TSER=0 WS=7
> 135.342359 218.75.79.17 -> 192.168.138.56 TCP ircd > 42802 [SYN, ACK] Seq=0 Ack=1 Win=1460 Len=0 MSS=1380
> 135.342399 192.168.138.56 -> 218.75.79.17 TCP 42802 > ircd [ACK] Seq=1 Ack=1 Win=5840 Len=0
> 135.342554 192.168.138.56 -> 218.75.79.17 IRC Request
>
> Regards
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of A J Stiles
> Sent: Friday, December 17, 2010 6:20 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] Attack problem
>
> On Friday 17 Dec 2010, Khaled W. Chehab wrote:
>> Hi,
>>
>> My system has been attacked by someone, I guess; kindly check the link
>> below.
>>
>> How can I stop the ircd attack?
>
> # /etc/init.d/ircd stop
> # chmod -x /etc/init.d/ircd
>
> Should do the business :)
>
> --
> AJS
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to
> Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
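The `netstat -anp | grep 6667` check suggested at the top of this message, as an added example that is not part of the original thread: it matches the remote port exactly, so a PID or ephemeral port that merely contains "6667" is not reported, and it flags sockets whose owner netstat could not show. The sample output is constructed; its addresses and source ports come from the quoted trace, while PID 4242 and the program name `perl` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find which process owns outbound connections to the IRC port.
# Reads `netstat -anp` (Linux net-tools) output on stdin, so it works on a
# saved capture as well as on the live host.

IRC_PORT=6667   # the port tshark labels "ircd" in the quoted trace

irc_owners() {
    awk -v port="$IRC_PORT" '
        $1 ~ /^tcp/ {
            # Columns: Proto Recv-Q Send-Q Local Foreign State PID/Program
            n = split($5, f, ":")     # port is the last ":"-separated field
            if (f[n] != port) next    # exact match on the remote port only
            owner = $7
            # netstat prints "-" when it cannot see the owner (not root)
            if (owner == "-") owner = "unknown(run-as-root)"
            print owner, $5, $6
        }'
}

# For a PID reported above: the binary it runs and where it was started.
proc_details() {
    ls -l "/proc/$1/exe" "/proc/$1/cwd" 2>/dev/null
}

# Constructed sample of `netstat -anp` output. PID 4242 and "perl" are
# hypothetical; the sshd line is a decoy that a plain `grep 6667` would match.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5038            0.0.0.0:*               LISTEN      2101/asterisk
tcp        0      0 192.168.138.56:22       192.168.138.10:56667    ESTABLISHED 6667/sshd
tcp        0      0 192.168.138.56:42802    218.75.79.17:6667       ESTABLISHED 4242/perl
tcp        0      1 192.168.138.56:53718    87.229.45.226:6667      SYN_SENT    -
EOF
}

# Live use (as root): netstat -anp | irc_owners
sample_netstat | irc_owners
```

On the affected host, run `netstat -anp | irc_owners` as root and pass each reported PID to `proc_details` to see which binary and directory the connection comes from.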