GEN:SID | 1:493 |
Message | INFO psyBNC access |
Summary | This event is generated when an attempt is made to access the psyBNC IRC "bouncer".
|
Impact | |
Detailed Information | The psyBNC IRC bouncer was designed to hold a connection to an IRC server. As part of the connection process, a psyBNC server will respond with "Welcome!psyBNC@lam3rz.de".
|
Affected Systems | All systems using psyBNC.
|
Attack Scenarios | The psyBNC server is not necessarily a risk in itself, but running it may be a violation of corporate policy. Furthermore, psyBNC has found its way into a large number of rootkits, both as an IRC bouncer and as a remote control agent for DDoS networks.
|
Ease of Attack | Simple. Any user can install psyBNC.
|
Corrective Action | Check the originating host IP and source port, and investigate the possibility of a listening psyBNC server and possible system compromise.
|
Additional References | psyBNC: http://www.psychoid.lam3rz.de/ http://www.psychoid.net/
|
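The triage step under Corrective Action, as an added example that is not part of the rule or its original documentation: it reassembles server responses per flow, flags the banner only when it appears as the sender prefix of an IRC line, and reports the responding host IP and source port to investigate. The class and function names, the IP addresses, ports and version text in the sample segments are constructed, and treating the banner as an IRC line prefix is an assumption.

```python
import re
from collections import defaultdict

BANNER = b"Welcome!psyBNC@lam3rz.de"  # string quoted in the rule text
# Assumption: the banner is the ":prefix" of an IRC line (RFC 1459 framing).
IRC_LINE = re.compile(rb"^:(?P<prefix>\S+) (?P<command>\S+)")


class BannerDetector:
    """Reassembles server responses per flow and flags the psyBNC banner."""

    def __init__(self, max_tail=512):
        self.tails = defaultdict(bytes)  # unterminated data per flow
        self.max_tail = max_tail         # IRC lines are at most 512 bytes

    def feed(self, src_ip, src_port, dst_ip, dst_port, payload):
        """Take one TCP payload; return alerts naming the responding host."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        *lines, tail = (self.tails[flow] + payload).split(b"\n")
        self.tails[flow] = tail[-self.max_tail:]  # bound memory per flow
        alerts = []
        for line in lines:
            m = IRC_LINE.match(line.rstrip(b"\r"))
            if m and m.group("prefix") == BANNER:
                alerts.append({"server_ip": src_ip, "server_port": src_port,
                               "client_ip": dst_ip,
                               "command": m.group("command").decode("ascii", "replace")})
        return alerts


def run_sample():
    """Constructed segments: a split banner, then chat text quoting it."""
    segments = [
        ("10.0.0.5", 31337, "192.168.1.20", 51000, b":Welcome!psyBN"),
        ("10.0.0.5", 31337, "192.168.1.20", 51000,
         b"C@lam3rz.de NOTICE * :psyBNC2.3.2\r\n"),
        ("10.0.0.9", 6667, "192.168.1.21", 51001,
         b":alice!a@example.org PRIVMSG #ops :Welcome!psyBNC@lam3rz.de\r\n"),
    ]
    detector = BannerDetector()
    return [a for seg in segments for a in detector.feed(*seg)]


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The third segment carries the banner text only inside a chat message body, so it produces no alert; a plain content match on the string would fire on it.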