BigWil
Verified User
- Joined
- Aug 5, 2004
- Messages
- 296
I just figure I would throw this out there and see if anyone has any ideas. I have an AUP infringing script or program trying to use outbound port 6667 to blast somebody or something. When I allow it through I notice a substantial performance loss so I would guess it is an IRC Bot infection.
The problem is that I can't find it to shut it up and it floods my firewall logs. I have done everything from grepping the machine for the obvious to tailing most of the logs in hopes for something. No installs of PHPNuke on this machine and I have never seen anything get installed that to my knowledge would do this. Tripwire and the DDoS toys detect nothing.
Big Wil
The problem is that I can't find it to shut it up and it floods my firewall logs. I have done everything from grepping the machine for the obvious to tailing most of the logs in hopes for something. No installs of PHPNuke on this machine and I have never seen anything get installed that to my knowledge would do this. Tripwire and the DDoS toys detect nothing.
Big Wil