Wednesday, November 16, 2011

NASDAQ OPERADORS ?..."THE PROJECT"

#include
#include
#include
#include
#include
#include
#include
#include
#include

#include

// Service (port) string handed to getaddrinfo() in main(); 6667 is the
// conventional plaintext IRC port.
#define PORT "6667"

// Size of the receive buffer in main(). recv() is asked for at most
// MAXDATASIZE-1 bytes so that a terminating NUL always fits.
#define MAXDATASIZE 256 // max number of bytes we can get at once

// Return a pointer to the address field embedded in a socket address:
// sin_addr when sa_family is AF_INET, sin6_addr for everything else.
// NOTE(review): any family other than AF_INET is read as a sockaddr_in6;
// callers are expected to pass only IPv4 or IPv6 addresses.
void *get_in_addr(struct sockaddr *sa)
{
    void *addr;

    if (sa->sa_family != AF_INET) {
        addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
    } else {
        addr = &((struct sockaddr_in *)sa)->sin_addr;
    }

    return addr;
}

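// Minimal TCP client: resolves irc.netgamers.org on PORT (IPv4 only),
// connects to the first resolved address that accepts, then prints every
// chunk the server sends until the peer closes the connection or recv() fails.
//
// Returns 0 once the peer has closed the connection, 1 if name resolution
// or recv() fails, and 2 if none of the resolved addresses could be connected.
int main()
{
    int sockfd = -1;
    int numbytes;
    char buf[MAXDATASIZE];
    struct addrinfo hints, *servinfo, *p;
    int rv;
    char s[INET6_ADDRSTRLEN];

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;

    if ((rv = getaddrinfo("irc.netgamers.org", PORT, &hints, &servinfo)) != 0) {
        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv));
        return 1;
    }

    // loop through all the results and connect to the first we can
    for (p = servinfo; p != NULL; p = p->ai_next) {
        if ((sockfd = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
            perror("client: socket");
            continue;
        }

        if (connect(sockfd, p->ai_addr, p->ai_addrlen) == -1) {
            close(sockfd);
            perror("client: connect");
            continue;
        }

        break;
    }

    if (p == NULL) {
        fprintf(stderr, "client: failed to connect\n");
        // The result list is no longer needed on the failure path either.
        freeaddrinfo(servinfo);
        return 2;
    }

    // s is only valid if inet_ntop() succeeded, so do not print it otherwise.
    if (inet_ntop(p->ai_family, get_in_addr((struct sockaddr *)p->ai_addr), s, sizeof s) == NULL) {
        perror("inet_ntop");
    } else {
        printf("client: connecting to %s\n", s);
    }

    freeaddrinfo(servinfo);

    for (;;) {
        numbytes = recv(sockfd, buf, MAXDATASIZE - 1, 0);
        if (numbytes == -1) {
            // Report first: close() could overwrite errno.
            perror("recv");
            close(sockfd);
            return 1;
        }

        // recv() returns 0 once the peer has closed the connection. Without
        // this check the loop would spin forever printing empty lines.
        if (numbytes == 0) {
            break;
        }

        buf[numbytes] = '\0';

        // NOTE(review): buf holds bytes chosen by the remote server and is
        // written to the terminal unfiltered. Control and escape sequences
        // pass straight through, and an embedded NUL truncates the output.
        // Filter non-printable bytes if this output is ever parsed or logged.
        printf("%s\n", buf);
    }

    close(sockfd);

    return 0;
}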

IRC bot detection

Vulnerability Assessment Summary
Fake IDENT server (IRC bot)

Detailed Explanation for this Vulnerability Assessment

This host seems to be running an ident server, but before any
request is sent, the server gives an answer about a connection
to port 6667.

It is very likely this system has been compromised by an IRC
bot and is now a 'zombie' that can participate in 'distributed
denial of service' (DDoS) attacks.

Solution: disinfect or re-install your system
Risk factor: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Michel Arboi

Cielo e terra (duet with Dante Thomas)