Educause Security Discussion mailing list archives
Re: IRC, IM Proxy Implementations
From: Richard Gadsden <gadsden () MUSC EDU>
Date: Thu, 2 Sep 2004 16:11:01 -0400
On Thu, 2 Sep 2004, Gary Flynn wrote:
Dave Monnier, IT Security Office, Indiana University wrote:As an operational solution to our bot problem, we've blocked all IRC known ports at the border and require users to use the campus VPN should they want to reach IRC networks.We blocked them last fall and offered an account on one of our hosts if IRC access was desired. I don't remember any specific complaints last year. We've had two complaints this year. There is a fair bit of IRC traffic to non-standard ports which I hope to classify one day. (snip)
We've already seen bots using non-standard ports for their IRC traffic. Blocking of the standard IRC ports by some sites has had an unintended consequence, namely, it has introduced a selective pressure into the environment, forcing the bot coders to adapt by adding support for non-standard ports, in the process making their bots harder to detect. Having feared (and now having observed) this adaptation, we've resisted the urge to block the standard IRC ports, believing that any benefit would likely be short-lived, and not worth the pain. --- o --- Richard Gadsden Chief Information Security Officer Medical University of South Carolina ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- IRC, IM Proxy Implementations Hearn, David L. (Sep 02)
- <Possible follow-ups>
- Re: IRC, IM Proxy Implementations Dave Monnier, IT Security Office, Indiana University (Sep 02)
- Re: IRC, IM Proxy Implementations Rick Coloccia (Sep 02)
- Re: IRC, IM Proxy Implementations Craig Blaha (Sep 02)
- Re: IRC, IM Proxy Implementations Gary Flynn (Sep 02)
- Re: IRC, IM Proxy Implementations Gary Flynn (Sep 02)
- Re: IRC, IM Proxy Implementations Dave Monnier, IT Security Office, Indiana University (Sep 02)
- Re: IRC, IM Proxy Implementations Richard Gadsden (Sep 02)
- Re: IRC, IM Proxy Implementations Dave Monnier, IT Security Office, Indiana University (Sep 02)
- Re: IRC, IM Proxy Implementations H. Morrow Long (Sep 02)
- Re: IRC, IM Proxy Implementations Justin Azoff (Sep 03)
- Re: IRC, IM Proxy Implementations Richard Gadsden (Sep 03)
- Re: IRC, IM Proxy Implementations Dave Monnier, IT Security Office, Indiana University (Sep 03)
- Re: IRC, IM Proxy Implementations Gary Flynn (Sep 03)
- Re: IRC, IM Proxy Implementations Brian Eckman (Sep 03)
- Re: IRC, IM Proxy Implementations Mike Iglesias (Sep 03)
- Re: IRC, IM Proxy Implementations Richard Gadsden (Sep 03)
- Re: IRC, IM Proxy Implementations Justin Azoff (Sep 03)
(Thread continues...)