Educause Security Discussion mailing list archives
Re: IRC policies
From: "Hull, Dave" <dphull () KU EDU>
Date: Wed, 6 Jun 2007 09:45:10 -0500
In my past life working in a security office, the Snort signatures that monitor nick changes to a great job of tipping off machines that are bots. Normal users don't request nick changes as rapidly as bots. If you're wanting to monitor IRC or clamp down on it, pay particular attention and tune well your Snort or other IDS/IPS rules that watch for nick changes. YMMV. -- Dave Hull, CISSP, CHFI IT Director KU School of Architecture & Urban Planning 785-864-2629 "The free world says that software is the embodiment of knowledge about technology, which needs to be free in the same way that mathematics is free." -- Eben Moglen, Software Freedom Law Center
Current thread:
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- <Possible follow-ups>
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies Elliot Kendall (Jun 06)
- Re: IRC policies Anthony Maszeroski (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Gary Dobbins (Jun 06)
- Re: IRC policies H. Morrow Long (Jun 06)
- Re: IRC policies David Shettler (Jun 06)
- Re: IRC policies Gary Flynn (Jun 06)
- Re: IRC policies Cal Frye (Jun 06)