Tutorial - Hacker Program Found
Hacker Program Found
Impact
This advisory indicates that a hacker program has been detected on the scanned host. This
advisory will only be generated when SARA is in the extreme attack mode.
Background
This warning refers to a hacker program called BNC, which is a simple
program designed to proxy IRC sessions. It is user configurable
using the file bnc.conf to set incoming and outgoing ports, user ID, and
password. Hackers use this program to prove to their community that they have hacked
into the target computer.
The Problem
This warning does not point out a vulnerability in and of itself. However, it
does indicate that the target system may have been compromised, and that a
vulnerability may exist on the system. In order to run the bnc
program, a hacker must have interactive access to the target system.
Resolution
The first step is to kill the BNC program. The next step is
to search the system for evidence of a hacker's presence. After determining that
a hacker is not currently accessing the system, run a full check of the system
to determine how the hacker gained access and eliminate any existing vulnerabilities.
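
The following shell functions are an added example, not part of the original advisory or of SARA. They record which processes named bnc are running and where bnc.conf files live, so that the details survive once the process is killed. They assume a Linux-style /proc layout and that the binary still carries the name bnc; the function names and the evidence directory layout are hypothetical.

```shell
#!/bin/sh
# Added example: triage helpers for a host flagged with "Hacker Program Found".
# Assumptions: Linux-style /proc; the process is still named "bnc". A renamed
# binary defeats the name match, which is why bnc.conf is searched for as well.

# Print "pid uid exe cwd" for every process whose command name is exactly bnc.
# $1 = proc root (default /proc; a parameter so a constructed tree can be used).
list_bnc_procs() {
    proc_root=${1:-/proc}
    for d in "$proc_root"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        [ "$(cat "$d/comm" 2>/dev/null)" = "bnc" ] || continue
        pid=${d##*/}
        uid=$(awk '/^Uid:/ {print $2}' "$d/status" 2>/dev/null) || uid='?'
        exe=$(readlink "$d/exe" 2>/dev/null || echo '?')
        cwd=$(readlink "$d/cwd" 2>/dev/null || echo '?')
        printf '%s %s %s %s\n' "$pid" "${uid:-?}" "$exe" "$cwd"
    done
}

# Print the path of every file named bnc.conf under $1 (default /).
find_bnc_conf() {
    find "${1:-/}" \( -path /proc -o -path /sys \) -prune -o \
        -type f -name 'bnc.conf' -print 2>/dev/null || true
}

# Save the process list and a timestamp-preserving copy of each bnc.conf.
# $1 = evidence dir, $2 = search root, $3 = proc root. Prints the copy count.
collect_bnc_evidence() {
    out=$1
    mkdir -p "$out" || return 1
    list_bnc_procs "${3:-/proc}" > "$out/processes.txt"
    find_bnc_conf "${2:-/}" > "$out/conf_files.txt"
    n=0
    while IFS= read -r f; do
        n=$((n + 1))
        # bnc.conf holds the ports, user ID and password the intruder set.
        cp -p "$f" "$out/bnc.conf.$n"
    done < "$out/conf_files.txt"
    echo "$n"
}

# Typical use, run as root before killing the process:
#   collect_bnc_evidence /root/bnc-evidence / /proc
#   kill <pid from /root/bnc-evidence/processes.txt>
```

The uid and the exe and cwd paths in processes.txt show which account and directory the intruder worked from, which is where the search for further evidence should start.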