|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: IRC bots...
> -----Original Message----- > From: [email protected] [mailto:[email protected]]On Behalf Of > Bill Nash > Sent: Saturday, March 12, 2005 4:40 PM > To: Fergie (Paul Ferguson) > Cc: [email protected] > Subject: Re: IRC bots... > > > > On Sat, 12 Mar 2005, Fergie (Paul Ferguson) wrote: > > > Somewhat related to operational issues... > > > > It was interesting to read the "daily handler" log at > > the ISC which related their experiences with detecting > > (and disabling/disinfecting) a machine/network infected > > with several IRCbot drone computers. As someone who has > > had to deal with with this issue on several customer > > networks, it is sometimes intriguing at the length at > > which some of the developers of these damned things > > go through to accomplish their feats. :-) > > A fun solution to mitigating this problem: NAT or PBR to funnel all > standard outbound IRC traffic to an internal ircd of your choice. [ SNIP ] Who's got time for all that? Chase the controller, shut down the user until they buy some AV software. We've gone beyond "I didn't know" for endusers in most regions. This problem turned into the spam problem faster than the spam problem did. -M<
|