Educause Security Discussion mailing list archives
Re: IRC policies
From: Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>
Date: Wed, 6 Jun 2007 09:40:27 -0400
I monitor the volume of IRC NICK/USER registration requests and JOIN requests via IPS. If that number starts rising sharply I start looking for bot activity. I also monitor our Packetshaper for large numbers of new flows per minute coming from any single host (excluding enterprise and DNS servers). That usually catches any infected host that is starting to attack. I'd rather catch the bad IRC activity than prevent IRC from working altogether. Knowles, Richard N. CISSP PMP wrote:
Are there any schools that are blocking IRC to curb ‘bot activity? Rich Knowles CISSP PMP University Information Security Officer Miami University
-- - Anthony Maszeroski ----------------------------------- Information Security Manager The University of Scranton email : maszeroskia3 () scranton edu phone : 570-941-4226 -----------------------------------
Current thread:
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- <Possible follow-ups>
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies Elliot Kendall (Jun 06)
- Re: IRC policies Anthony Maszeroski (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Gary Dobbins (Jun 06)
- Re: IRC policies H. Morrow Long (Jun 06)
- Re: IRC policies David Shettler (Jun 06)
- Re: IRC policies Gary Flynn (Jun 06)
- Re: IRC policies Cal Frye (Jun 06)