[78598] in North American Network Operators' Group
RE: IRC bots...
daemon@ATHENA.MIT.EDU (Hannigan, Martin)
Sat Mar 12 17:33:00 2005
Date: Sat, 12 Mar 2005 17:32:18 -0500
From: "Hannigan, Martin" <hannigan@verisign.com>
To: "Bill Nash" <billn@billn.net>,
"Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Bill Nash
> Sent: Saturday, March 12, 2005 4:40 PM
> To: Fergie (Paul Ferguson)
> Cc: nanog@merit.edu
> Subject: Re: IRC bots...
>=20
>=20
>=20
> On Sat, 12 Mar 2005, Fergie (Paul Ferguson) wrote:
>=20
> > Somewhat related to operational issues...
> >
> > It was interesting to read the "daily handler" log at
> > the ISC which related their experiences with detecting
> > (and disabling/disinfecting) a machine/network infected
> > with several IRCbot drone computers. As someone who has
> > had to deal with with this issue on several customer
> > networks, it is sometimes intriguing at the length at
> > which some of the developers of these damned things
> > go through to accomplish their feats. :-)
>=20
> A fun solution to mitigating this problem: NAT or PBR to funnel all=20
> standard outbound IRC traffic to an internal ircd of your choice.
[ SNIP ]
Who's got time for all that? Chase the controller, shut down
the user until they buy some AV software. We've gone beyond
"I didn't know" for endusers in most regions.=20
This problem turned into the spam problem faster than the
spam problem did.=20
-M<=20
