Educause Security Discussion mailing list archives
Re: IRC policies
From: David Shettler <dshettle () HOLYCROSS EDU>
Date: Wed, 6 Jun 2007 11:25:54 -0400
We're blocking _and_ quarantining outright via an IPS, and white-listing on request. Have had only one instance where white-listing was required in 18+ months that was not an ITS employee using it. Not the solution for every school, but has worked wonderfully for us.

Dave Shettler
Sr. Tech Services Engineer
College of the Holy Cross
etiolated.org

On 6/6/07, H. Morrow Long <morrow.long () yale edu> wrote:
And if you see a computer repeatedly and unsuccessfully attempting to:

* join a channel (e.g. #mp3-w@r3z) 4-ever
* use a nick or variants of the same nick (particularly "hacker", "hack3993", etc.)
* use a particular username

particularly when the nick or username is already in use but the computer persists in mindless repetition -- you've probably got a bot.

Lots of PINGs and PONGs are also often a good sign but are not necessarily.

- H. Morrow Long, CISSP, CISM, CEH
University Information Security Officer
Director -- Information Security Office
Yale University, ITS

On Jun 6, 2007, at 10:45 AM, Hull, Dave wrote:

In my past life working in a security office, the Snort signatures that monitor nick changes do a great job of tipping off machines that are bots. Normal users don't request nick changes as rapidly as bots. If you're wanting to monitor IRC or clamp down on it, pay particular attention and tune well your Snort or other IDS/IPS rules that watch for nick changes. YMMV.

--
Dave Hull, CISSP, CHFI
IT Director
KU School of Architecture & Urban Planning
785-864-2629

"The free world says that software is the embodiment of knowledge about technology, which needs to be free in the same way that mathematics is free." -- Eben Moglen, Software Freedom Law Center
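The heuristics discussed in the messages above (rapid nick changes, and persistent retries after a nick is already in use or a channel join is refused), sketched as an added example that is not part of the original posts. The log format `<timestamp> <client-ip> <direction> <raw IRC line>`, the window and threshold values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Server numerics (RFC 1459/2812): 433 nick in use; 471/473/474/475 JOIN refused.
NICK_IN_USE = {"433"}
JOIN_REFUSED = {"471", "473", "474", "475"}
# Assumed log format: "<epoch> <client-ip> <'>' sent | '<' received> <raw IRC line>"
LINE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) (?P<host>\S+) (?P<dir>[<>]) (?P<msg>.*)$")

def classify(direction, msg):
    """Map one IRC line to an event kind, or None if it is not of interest."""
    parts = msg.split()
    if not parts:
        return None
    if direction == ">" and parts[0].upper() == "NICK":
        return "nick_change"
    if direction == "<" and len(parts) > 1 and parts[0].startswith(":"):
        if parts[1] in NICK_IN_USE:
            return "nick_in_use"
        if parts[1] in JOIN_REFUSED:
            return "join_refused"
    return None

def flag_hosts(log_lines, window=60.0, threshold=5):
    """Return {host: reasons} for hosts with >= threshold events of one kind in `window` s."""
    recent = defaultdict(deque)   # (host, kind) -> timestamps still inside the window
    flagged = defaultdict(set)
    for line in log_lines:
        m = LINE.match(line.strip())
        kind = classify(m["dir"], m["msg"]) if m else None
        if kind is None:
            continue
        ts = float(m["ts"])
        q = recent[(m["host"], kind)]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["host"]].add(kind)
    return {h: sorted(r) for h, r in flagged.items()}

# Constructed sample: 10.0.0.5 loops on nick variants and a refused JOIN; 10.0.0.9 is a person.
SAMPLE = []
for i in range(6):
    t = 1000 + i * 5
    SAMPLE += [f"{t} 10.0.0.5 > NICK hack{3990 + i}",
               f"{t + 1} 10.0.0.5 < :irc.example.net 433 * hack{3990 + i} :Nickname is already in use",
               f"{t + 2} 10.0.0.5 > JOIN #chan",
               f"{t + 3} 10.0.0.5 < :irc.example.net 474 hack #chan :Cannot join channel (+b)"]
SAMPLE += ["1000 10.0.0.9 > NICK alice", "1002 10.0.0.9 > JOIN #help", "1900 10.0.0.9 > NICK alice_away"]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE))
```

The window and threshold need tuning against local traffic before alerting on them, in the same way the thread recommends tuning IDS/IPS nick-change rules.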