Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:493 |
| Message | INFO psyBNC access |
| Summary | This event is generated when an attempt is made to access the psyBNC IRC "bouncer". |
| Impact | |
| Detailed Information | The psyBNC IRC bouncer was designed to hold a connection to an IRC server. As part of the connection process, a psyBNC server will respond with "Welcome!psyBNC@lam3rz.de". |
| Affected Systems | All systems using psyBNC. |
| Attack Scenarios | The psyBNC server itself is not necessarily a risk in itself, but this may be a violation of corporate policy. Furthermore, psyBNC has found it's way into a large number of rootkits, both as an IRC bouncer and as remote control agent for dDOS networks. |
| Ease of Attack | Simple. Any user can install psyBNC. |
| Corrective Action | Check the originating host IP and source port and investigate the possibility of a listening psyBNC server and possible system comprimise. |
| Additional References | psyBNC: http://www.psychoid.lam3rz.de/ http://www.psychoid.net/ |
--
DID:105319
--
http://www.aanval.com/