Educause Security Discussion mailing list archives
Re: IRC policies
From: Elliot Kendall <ekendall () BRANDEIS EDU>
Date: Wed, 6 Jun 2007 08:58:56 -0400
On 2007-06-06 07:47:14 -0400, Knowles, Richard N. CISSP PMP wrote:
Are there any schools that are blocking IRC to curb 'bot activity?
We use some rules built into Snort to monitor IRC activity, but do not block it outright. Once we confirm that a particular user is legitimate, we whitelist them to avoid further alerts. This system also allows us to identify and remediate infected machines. If you simply block IRC, infected machines may be safe while they remain on campus, but will start causing problems as soon as they're connected to a different network. I've been very surprised by the number of legitimate IRC users we have on campus. I had thought IRC's popularity was on the wane, but many applications with chat functionality use it as a backend. For that reason, I would be very careful about blocking it completely. -- Elliot Kendall <ekendall () brandeis edu> Network Security Architect Brandeis University Trouble replying? See http://people.brandeis.edu/~ekendall/sign/
Attachment:
smime.p7s
Description:
Current thread:
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- <Possible follow-ups>
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies Elliot Kendall (Jun 06)
- Re: IRC policies Anthony Maszeroski (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Gary Dobbins (Jun 06)
- Re: IRC policies H. Morrow Long (Jun 06)
- Re: IRC policies David Shettler (Jun 06)
- Re: IRC policies Gary Flynn (Jun 06)
- Re: IRC policies Cal Frye (Jun 06)