Educause Security Discussion mailing list archives
Re: IRC policies
From: "Hull, Dave" <dphull () KU EDU>
Date: Wed, 6 Jun 2007 09:43:07 -0500
I agree. There are legitimate uses for IRC. I'm logged into several IRC channels on a daily basis as I work on various software development projects. Being able to field questions to a group of developers and get immediate feedback is invaluable. Whitelisting legit users is a great idea. Require users to register in order to use IRC, but I don't think I'd block it out right. -- Dave Hull, CISSP, CHFI IT Director KU School of Architecture & Urban Planning 785-864-2629 "The free world says that software is the embodiment of knowledge about technology, which needs to be free in the same way that mathematics is free." -- Eben Moglen, Software Freedom Law Center -----Original Message----- From: Elliot Kendall [mailto:ekendall () BRANDEIS EDU] Sent: Wednesday, June 06, 2007 7:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] IRC policies On 2007-06-06 07:47:14 -0400, Knowles, Richard N. CISSP PMP wrote:
Are there any schools that are blocking IRC to curb 'bot activity?
We use some rules built into Snort to monitor IRC activity, but do not block it outright. Once we confirm that a particular user is legitimate, we whitelist them to avoid further alerts. This system also allows us to identify and remediate infected machines. If you simply block IRC, infected machines may be safe while they remain on campus, but will start causing problems as soon as they're connected to a different network. I've been very surprised by the number of legitimate IRC users we have on campus. I had thought IRC's popularity was on the wane, but many applications with chat functionality use it as a backend. For that reason, I would be very careful about blocking it completely. -- Elliot Kendall <ekendall () brandeis edu> Network Security Architect Brandeis University Trouble replying? See http://people.brandeis.edu/~ekendall/sign/
Current thread:
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- <Possible follow-ups>
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies Elliot Kendall (Jun 06)
- Re: IRC policies Anthony Maszeroski (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Gary Dobbins (Jun 06)
- Re: IRC policies H. Morrow Long (Jun 06)
- Re: IRC policies David Shettler (Jun 06)
- Re: IRC policies Gary Flynn (Jun 06)
- Re: IRC policies Cal Frye (Jun 06)